Information Security


DoS against Subversion
Published: 9 March 2011
Source:
SecurityVulns ID: 11486
Type: remote
Severity: 5/10
Description: Denial of service when processing a lock request.
Affected products: SUBVERSION : Subversion 1.6
CVE: CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.16, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a request that contains a lock token.)
Original text: DEBIAN, [SECURITY] [DSA 2181-1] subversion security update (09.03.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 9 March 2011
Source:
SecurityVulns ID: 11485
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: CUBECART : CubeCart 2.0
 PHPNUKE : PHP-Nuke 8.0
 MCCONTENTMANAGER : MC Content Manager 10.1
 WORDPRESS : Inline Gallery 0.3
 WORDPRESS : Cool Video Gallery 1.3
 WORDPRESS : GRAND Flash Album Gallery 0.55
 WORDPRESS : 1 Flash Gallery 0.2
 WORDPRESS : PhotoSmash 1.0
 RECORDPRESS : RecordPress 0.3
 ICINGA : Icinga 1.2
 ICINGA : Icinga 1.3
 KODAK : Kodak InSite 5.5
 MUTARE : EVM 2.2
 QUICKPOLLS : Quick Polls 1.0
 WEBENSIO : LMS Web Ensino 2011-02
 TOTVS : Microsiga Protheus 10
CVE: CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick Polls before 1.0.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the p parameter in a preview action to index.php, or (2) delete arbitrary files via a .. (dot dot) in the p parameter in a delete action to index.php.)
Original text: Flavio do Carmo Junior aka waKKu, [DCA-2011-0002]: TOTVS ERP Microsiga Protheus - Users Enumeration (09.03.2011)
 Flavio do Carmo Junior aka waKKu, [DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection (09.03.2011)
 Mark Stanislav, 'Quick Polls' Local File Inclusion & Deletion Vulnerabilities (CVE-2011-1099) (09.03.2011)
 mikispag_(at)_gmail.com, XSS in CubeCart <= 2.0.7 (09.03.2011)
 Travis Lee, Mutare Software EVM - CSRF and XSS Vulnerabilities (09.03.2011)
 vulns_(at)_dionach.com, InSite Troubleshooting Cross-Site Scripting (09.03.2011)
 vulns_(at)_dionach.com, Kodak InSite Login Page Cross-Site Scripting (09.03.2011)
 sschurtz_(at)_t-online.de, Cross-Site Scripting vulnerabilities in Icinga (09.03.2011)
 irancrash_(at)_gmail.com, RecordPress Multiple Vulnerabilities (09.03.2011)
 High-Tech Bridge Security Research, HTB22871: File Content Disclosure in GRAND Flash Album Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22867: XSS in PhotoSmash wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22868: XSS in 1 Flash Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22869: SQL Injection in 1 Flash Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22870: SQL Injection in GRAND Flash Album Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22872: Path disclosure in Cool Video Gallery wordpress plugin (09.03.2011)
 High-Tech Bridge Security Research, HTB22873: XSS in Inline Gallery wordpress plugin (09.03.2011)
 MustLive, Cross-Site Scripting vulnerabilities in MC Content Manager (09.03.2011)
 MustLive, New vulnerabilities in PHP-Nuke (09.03.2011)

Multiple security vulnerabilities in Microsoft Windows
Published: 9 March 2011
Source:
SecurityVulns ID: 11487
Type: remote
Severity: 6/10
Description: Insecure library loading; code execution via .dvr-ms files
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability.")
 CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability.")
 CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability.")
 CVE-2010-3146 (Untrusted search path vulnerability in Microsoft Office Groove 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mso.dll or GroovePerfmon.dll that is located in the same folder as a .vcg or .gta file.)
Files: Microsoft Security Bulletin MS11-015 - Critical Vulnerabilities in Windows Media Could Allow Remote Code Execution (2510030)
 Microsoft Security Bulletin MS11-016 - Important Vulnerability in Microsoft Groove Could Allow Remote Code Execution (2494047)
 Microsoft Security Bulletin MS11-017 - Important Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2508062)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod