Information Security

DoS via ATI video driver
Published: January 9, 2014
Source:
SecurityVulns ID: 13517
Type: client
Severity level: 6/10
Description: A vulnerability in the video driver causes a system crash; Flash can be used as the attack vector.
Original text: MustLive, DoS vulnerability in Adobe Flash Player (BSOD) (09.01.2014)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 9, 2014
Source:
SecurityVulns ID: 13507
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: OWNCLOUD : owncloud 5.0
 INSTANTSOFT : InstantCMS 1.10
 MEDIAWIKI : mediawiki 1.20
 LIVEZILLA : LiveZilla 5.1
 HORIZON : QCMS 4.0
 BURDEN : Burden 1.8
 EDUTRAC : eduTrac 1.1
 WORDPRESS : Ad-minister 0.6
 WORDPRESS : AskApache 3.0
 WORDPRESS : WP-Cron Dashboard 1.1
 JOOMLA : MijoSearch 2.0
 1C : Bitrix Site Manager 12.5
 TYPO3 : TYPO3 6.1
 MUNIN : munin 2.0
 REVIVEADSERVER : Revive Adserver 3.0
 UNITEDSECURITYPR : Secure Entry Server 4.7
 JENKINS : Jenkins CI 1.523
 SAMSPADE : SAMSPADE 1.14
 VTIGER : Vtiger 5.4
 FLASHCANVAS : FlashCanvas 1.5
 APACHE : Solr 4.5
 CSP : CSP MySQL User Manager 2.3
 WORDPRESS : WordPress 3.7
 DEWPLAYER : Dewplayer 2.2
CVE: CVE-2013-7149 (SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.)
 CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.)
 CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the start parameter.)
 CVE-2013-7137 (The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.)
 CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.)
 CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.)
 CVE-2013-7080 (The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment.")
 CVE-2013-7079 (Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2013-7078 (Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.)
 CVE-2013-7076 (Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2013-7075 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature.")
 CVE-2013-7074 (Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2013-7073 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.)
 CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.)
 CVE-2013-7033 (LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an independent cross-site scripting (XSS) attack.)
 CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an uploaded file or (2) customer name in a resource created from an uploaded file, a different vulnerability than CVE-2013-7003.)
 CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) filename to chat.php.)
 CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php.)
 CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in askapache-firefox-adsense.php in the AskApache Firefox Adsense plugin 3.0 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the aafireadcode parameter to wp-admin/options-general.php.)
 CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to wp-admin/tools.php.)
 CVE-2013-6880
 CVE-2013-6879
 CVE-2013-6878
 CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].)
 CVE-2013-6788 (The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypass authentication via a brute force attack.)
 CVE-2013-6408 (The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6407.)
 CVE-2013-6407 (The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.)
 CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.)
 CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/select/, when the response writer (wt parameter) is set to XSLT. NOTE: this can be leveraged using a separate XXE (XML eXternal Entity) vulnerability to allow access to files across restricted network boundaries.)
 CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.)
 CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin before 2.0.18 allows remote nodes to cause a denial of service (infinite loop and memory consumption in the munin-html process) via crafted multigraph data.)
 CVE-2013-5573 (Cross-site scripting (XSS) vulnerability in the default markup formatter in CloudBees Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.)
 CVE-2013-4572
 CVE-2013-4568 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer.)
 CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a \b (backspace) character in CSS.)
 CVE-2013-2764
 CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.)
 CVE-2013-2628 (Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.)
 CVE-2013-2627 (SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.)
Original text: MustLive, BF, LE and IAA vulnerabilities in InstantCMS (09.01.2014)
 MustLive, Information Leakage and Backdoor vulnerabilities in WordPress (09.01.2014)
 MustLive, CSRF, DoS and IL vulnerabilities in WordPress (09.01.2014)
 MustLive, URL Redirector Abuse and XSS vulnerabilities in WordPress (09.01.2014)
 MustLive, Vulnerabilities in Dewplayer (09.01.2014)
 MustLive, Vulnerabilities in plugins for WordPress, Joomla and Plone with Dewplayer (09.01.2014)
 contact_(at)_hammamet-services.com, CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass (09.01.2014)
 Nicolas Grégoire, Vulnerabilities in Apache Solr < 4.6.0 (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.1.0 Stored XSS in operator clients (09.01.2014)
 code_(at)_7elements.co.uk, FlashCanvas 1.5 proxy.php XSS Vulnerability (09.01.2014)
 advisories_(at)_enkomio.com, [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting (09.01.2014)
 vishal_mishra_(at)_live.com, SAMSPADE 1.14 BUFFER OVERFLOW (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 Insecure password storage (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 PHP Object Injection (09.01.2014)
 zoczus_(at)_gmail.com, LiveZilla 5.1.2.0 Multiple Stored XSS in webbased operator client (09.01.2014)
 Alexandre Herzog, [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities (09.01.2014)
 Alexandre Herzog, [CVE-2013-2764] Secure Entry Server - URL Redirection (09.01.2014)
 Christian Catalano, [CVE-2013-5573] Jenkins v1.523 Default markup formatter permits offsite-bound forms (09.01.2014)
 Christian Catalano, [CVE-2013-5676] Plain Text Password In SonarQube Jenkins Plugin (09.01.2014)
 MANDRIVA, [ MDVSA-2013:289 ] owncloud (09.01.2014)
 MANDRIVA, [ MDVSA-2013:290 ] mediawiki (09.01.2014)
 Matteo Beccati, [REVIVE-SA-2013-001] Revive Adserver 3.0.2 fixes SQL injection vulnerability (09.01.2014)
 MANDRIVA, [ MDVSA-2013:297 ] munin (09.01.2014)
 DEBIAN, [SECURITY] [DSA 2834-1] typo3-src security update (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Request Forgery (CSRF) in AskApache Firefox Adsense Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, Cross-Site Scripting (XSS) in WP-Cron Dashboard Wordpress plugin (09.01.2014)
 High-Tech Bridge Security Research, XSS and Full Path Disclosure in MijoSearch Joomla Extension (09.01.2014)
 High-Tech Bridge Security Research, User Identity Spoofing in Bitrix Site Manager (09.01.2014)
 High-Tech Bridge Security Research, SQL Injection in InstantCMS (09.01.2014)
 High-Tech Bridge Security Research, Path Traversal in eduTrac (09.01.2014)
 High-Tech Bridge Security Research, Multiple Vulnerabilities in Horizon QCMS (09.01.2014)
 High-Tech Bridge Security Research, Improper Authentication in Burden (09.01.2014)

Multiple security vulnerabilities in hplip
Published: January 9, 2014
Source:
SecurityVulns ID: 13508
Type: library
Severity level: 5/10
Description: Symbolic link problem, code execution, weak permissions.
Affected products: HP : hplip 3.13
CVE: CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.)
 CVE-2013-6402 (base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.)
 CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.)
 CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/hpcupsfilterc_#.bmp, (2) /tmp/hpcupsfilterk_#.bmp, (3) /tmp/hpcups_job#.out, (4) /tmp/hpijs_#####.out, or (5) /tmp/hpps_job#.out temporary file, a different vulnerability than CVE-2011-2722.)
Original text: DEBIAN, [SECURITY] [DSA 2829-1] hplip security update (09.01.2014)

Information leakage in IBM Web Content Manager
Published: January 9, 2014
Source:
SecurityVulns ID: 13509
Type: remote
Severity level: 5/10
Description: Configuration information can be obtained.
Affected products: IBM : WebSphere Portal 8.0
CVE: CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection (09.01.2014)

Buffer overflow in Hancom Office
Published: January 9, 2014
Source:
SecurityVulns ID: 13511
Type: local
Severity level: 4/10
Description: Buffer overflow when parsing HTML.
Affected products: HANCOM : Hancom Office 2010 SE
Original text: diroverflow_(at)_gmail.com, Hancom Office '.hml' file heap-based buffer overflow (09.01.2014)

Security vulnerabilities in Evernote for Android
Published: January 9, 2014
Source:
SecurityVulns ID: 13512
Type: local
Severity level: 5/10
Description: Various protection bypass methods.
Affected products: EVERNOTE : Evernote for Android 5.5
CVE: CVE-2013-5116
 CVE-2013-5112
Original text: lists_(at)_c22.cc, [CVE-2013-5116] Evernote Android Insecure Password Change (one-click setup) (09.01.2014)
 lists_(at)_c22.cc, [CVE-2013-5112] Evernote Android Insecure Storage of PIN data / Bypass of PIN protection (09.01.2014)

Security vulnerabilities in AppStore applications
Published: January 9, 2014
Source:
SecurityVulns ID: 13513
Type: client
Severity level: 5/10
Description: Security vulnerabilities in various iOS applications.
Affected products: AIRGALLERY : Air Gallery 1.0
 APACHE : Solr 3.6
Original text: Vulnerability Lab, Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities (09.01.2014)

Buffer overflow in IcoFX
Published: January 9, 2014
Source:
SecurityVulns ID: 13514
Type: local
Severity level: 4/10
Description: Buffer overflow when parsing .ICO files.
Affected products: ICOFX : IcoFX 2.5
CVE: CVE-2013-4988 (Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.)
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2013-1107 - IcoFX Buffer Overflow Vulnerability (09.01.2014)

Restricted environment escape in Android
Published: January 9, 2014
Source:
SecurityVulns ID: 13515
Type: library
Severity level: 7/10
Description: Escape from the restricted environment is possible via android.app.Fragment.
Affected products: ANDROID : Android 4.3
Original text: Roee Hay, Android Fragment Injection vulnerability (09.01.2014)
Files: Android collapses into Fragments

Security vulnerabilities in IBM Lotus Notes Traveler
Published: January 9, 2014
Source:
SecurityVulns ID: 13516
Type: remote
Severity level: 6/10
Description: Cross-site scripting, request forgery.
Affected products: IBM : Lotus Notes Traveler 8.5
CVE: CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
Original text: MustLive, CSRF, XSS and Redirector vulnerabilities in IBM Lotus Notes Traveler (09.01.2014)

Security vulnerabilities in Apache Subversion
updated since January 9, 2014
Published: March 2, 2014
Source:
SecurityVulns ID: 13510
Type: remote
Severity level: 5/10
Description: Protection bypass in mod_dontdothat, DoS.
Affected products: APACHE : Subversion 1.8
CVE: CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial of service (crash) via vectors related to the server root and request methods other than GET, as demonstrated by the "svn ls http://svn.example.com" command.)
 CVE-2013-4558 (The get_parent_resource function in repos.c in mod_dav_svn Apache HTTPD server module in Subversion 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4, when built with assertions enabled and SVNAutoversioning is enabled, allows remote attackers to cause a denial of service (assertion failure and Apache process abort) via a non-canonical URL in a request, as demonstrated using a trailing /.)
 CVE-2013-4505 (The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request.)
Original text: SLACKWARE, [slackware-security] subversion (SSA:2014-058-01) (02.03.2014)
 MANDRIVA, [ MDVSA-2013:288 ] subversion (09.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod