Information Security


Multiple vulnerabilities in Apple QuickTime
updated since March 6, 2007
Published: March 9, 2007
SecurityVulns ID: 7349
Type: client
Severity: 6/10
Description: Integer overflows, buffer overflows and memory corruption when parsing various formats.
Affected products: APPLE : QuickTime 7.1
CVE: CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a QTIF file with a Video Sample Description containing a Color table ID of 0, which triggers memory corruption when QuickTime assumes that a color table exists.)
 CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QTIF file.)
 CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PICT file.)
 CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.)
 CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie file.)
 CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.)
 CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.)
Original text: ZDI, ZDI-07-010: Apple Quicktime UDTA Parsing Heap Overflow Vulnerability (09.03.2007)
 Reversemode, [Reversemode Advisory] Apple Quicktime Color ID remote heap corruption (06.03.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-065A -- Apple Releases Security Updates for QuickTime (06.03.2007)
 Sowhat ., [Full-disclosure] Apple QuickTime udta ATOM Integer Overflow (06.03.2007)
 Piotr Bania, [Full-disclosure] Apple QuickTime Player Remote Heap Overflow (06.03.2007)
 IDEFENSE, iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability (06.03.2007)

Overwriting internal variables via import_request_variables in PHP
Published: March 9, 2007
SecurityVulns ID: 7360
Type: library
Severity: 4/10
Description: When external variables are imported, internal language structures such as $_GET, $_POST, $_COOKIE, $_FILES, $_SERVER and $_SESSION can be overwritten.
Affected products: PHP : PHP 4.4
 PHP : PHP 5.2
CVE: CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.)
Original text: ascii, [Full-disclosure] PHP import_request_variables() vs extract() (09.03.2007)
 Stefano Di Paola, PHP import_request_variables() arbitrary variable overwrite (09.03.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: March 9, 2007
SecurityVulns ID: 7361
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: WORDPRESS : WordPress 2.1
 PHPNUKE : PHP-Nuke 8.0
 WEBO : Web Organizer 1.0
 PHPMYADMIN : phpMyAdmin 2.10
 DYNALIENS : dynaliens 2.1
CVE: CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks.)
 CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948.)
 CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp (aka James Coyle) URLshrink allows remote attackers to execute arbitrary PHP code via a URL in the formurl parameter.)
 CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c) include/functions.php, (d) include/plugin_api.inc.php, (e) index.php, or (f) pluginmgr.php.)
 CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>.)
 CVE-2007-1391 (PHP remote file inclusion vulnerability in modules/abook/foldertree.php in Leo West WEBO (aka weborganizer) 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter.)
 CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajouter.php3.)
 CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication and perform certain privileged actions via a direct request for (1) validlien.php3 (2) supprlien.php3 (3) supprub.php3 (4) validlien.php3 (5) confsuppr.php3 (6) modiflien.php3, or (7) confmodif.php3 in admin/.)
 CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued that this vulnerability is caused by a problem in PHP (CVE-2006-1549) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpMyAdmin.)
Original text: RaeD Hasadya, Remote File Include In Script Coppermine Photo Gallery (09.03.2007)
 c_r_ck_(at)_hotmail.com, Lazarus Guestbook (admin.php)Remote File Include Expliot (09.03.2007)
 sn0oPy.team_(at)_gmail.com, dynaliens v2.0/v2.1 bypass admin authentification + XSS (09.03.2007)
 alfa_(at)_virtuax.be, xss in phpmyadmin >=2.8.0 and < 2.10.0 (09.03.2007)
 r00t2000_(at)_hush.com, Word Press Sensitive Directory exposure (SQL) (09.03.2007)
 RaeD Hasadya, Remote File Include In Script copyright (c) James Coyle; JCcorp (09.03.2007)
 erdc_(at)_echo.or.id, [ECHO_ADV_67$2007] WEBO (Web Organizer) <= 1.0 (baseDir) Remote File Inclusion Vulnerability (09.03.2007)
 RaeD Hasadya, XSS In Script deviantART (09.03.2007)
 Omid, Sql injection in WordPress 2.1.2 (09.03.2007)
 ascii, Php Nuke POST XSS on steroids (09.03.2007)
Files: PHP-Nuke POST crossite scripting PoC

Buffer overflow in the Omnikey CardMan 4040 driver for Linux
Published: March 9, 2007
SecurityVulns ID: 7362
Type: local
Severity: 5/10
Description: Buffer overflow when accessing the cmx device.
Affected products: OMNIKEY : CardMan 4040
CVE: CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.)
Original text: Daniel Roethlisberger, Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005) (09.03.2007)

Multiple buffer overflows in IPSwitch IMail ActiveX
Published: March 9, 2007
SecurityVulns ID: 7363
Type: client
Severity: 5/10
Affected products: IPSWITCH : IMail 2006
Original text: IDEFENSE, iDefense Security Advisory 03.07.07: Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilities (09.03.2007)

Buffer overflow in the PHP extension crack_opendict()
Published: March 9, 2007
SecurityVulns ID: 7364
Type: library
Severity: 5/10
Description: Buffer overflow on a long function argument.
Affected products: PHP : PHP 4.4
CVE: CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.)
Original text: retrog_(at)_alice.it, PHP 4.4.6 crack_opendict() local buffer overflow poc exploit (09.03.2007)
Files: PHP 4.4.6 crack_opendict() local buffer overflow poc exploit

Privilege escalation in CA eTrust
Published: March 9, 2007
SecurityVulns ID: 7365
Type: local
Severity: 5/10
Description: Privilege escalation through the password reset interface in GINA.
Affected products: CA : eTrust Admin 8.1
CVE: CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA (Computer Associates) eTrust Admin 8.1.0 through 8.1.2 allows attackers with physical interactive or Remote Desktop access to bypass authentication and gain privileges via the password reset interface.)
Original text: CA, [CAID 35145]: CA eTrust Admin Privilege Escalation Vulnerability (09.03.2007)

Buffer overflow in the Novell NetMail web administration interface
Published: March 9, 2007
SecurityVulns ID: 7366
Type: remote
Severity: 5/10
Description: Buffer overflow in HTTP Basic authentication on port TCP/89.
Affected products: NOVELL : NetMail 3.5
CVE: CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 allows remote attackers to execute arbitrary code via a long username during HTTP Basic authentication.)
Original text: ZDI, ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability (09.03.2007)

Buffer overflow in the game Conquest
Published: March 9, 2007
SecurityVulns ID: 7367
Type: client
Severity: 3/10
Description: Buffer overflow when parsing data received from the metaserver.
Affected products: CONQUEST : Conquest 8.2
CVE: CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.)
Original text: Luigi Auriemma, Buffer-overflow in Conquest client 8.2a (svn 691) (09.03.2007)

DoS via subselect against MySQL
Published: March 9, 2007
SecurityVulns ID: 7368
Type: local
Severity: 5/10
Description: NULL pointer dereference when text functions are applied to the results of a SELECT with ORDER BY.
Affected products: ORACLE : MySQL 5.0
CVE: CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialized and triggers a NULL dereference in the filesort function.)
Original text: SEC Consult Vulnerability Lab, SEC Consult SA-20070309-0 :: MySQL 5 Single Row Subselect Denial of Service (09.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod