Information Security


Weak permissions in multipath-tools
Published: April 10, 2009
Source:
SecurityVulns ID: 9812
Type: remote
Severity: 5/10
Description: Weak permissions on the control socket.
Affected products: MULTIPATHTOOLS : multipath-tools 0.4
CVE: CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon.)
Original text: DEBIAN, [SECURITY] [DSA 1767-1] New multipath-tools packages fix denial of service (10.04.2009)

Daily summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: April 10, 2009
Source:
SecurityVulns ID: 9808
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: OPENADS : Openads 2.4
 HORDE : Horde 3.2
 EXJUNE : Exjune Guestbook 2
 ADAPTBB : AdaptBB 1.0
 GEEKLOG : Geeklog 1.5
 LGASOFT : SASPCMS 0.9
 NET2FTP : net2ftp 0.97
CVE: CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.)
 CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes.)
 CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.)
Original text: c1c4tr1z_(at)_voodoo-labs.org, net2ftp <= 0.97 Cross-Site Scripting/Request Forgery (10.04.2009)
 Matthew Dempsky, Adgregate ShopAd widget validation is vulnerable to replay attack (10.04.2009)
 admin_(at)_bugreport.ir, SASPCMS Multiple Vulnerabilities (10.04.2009)
 Salvatore "drosophila" Fresta, AdaptBB 1.0 Beta Multiple Remote Vulnerabilities (10.04.2009)
 rgod, Geeklog <=1.5.2 'SESS_updateSessionTime()' vulnerability (10.04.2009)
 rgod, Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit (10.04.2009)
 alphanix00_(at)_gmail.com, Exjune Guestbook v2 Remote Database Disclosure Exploit (10.04.2009)
 MustLive, Code Execution vulnerability in Openads (10.04.2009)
Files: Exjune Guestbook v2 Remote Database Disclosure Exploit
 Geeklog <=1.5.2 SEC_authenticate()/PHP_AUTH_USER sql injection exploit

Multiple security vulnerabilities in Wireshark
Published: April 10, 2009
Source:
SecurityVulns ID: 9809
Type: remote
Severity: 6/10
Description: Format string bug in PROFINET parsing, DoS in Check Point High-Availability Protocol (CPHAP) parsing, DoS on .rf5 file processing.
Affected products: WIRESHARK : Wireshark 1.0
CVE: CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted Tektronix .rf5 file.)
 CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet.)
 CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.)
Original text: MANDRIVA, [ MDVSA-2009:088 ] wireshark (10.04.2009)

Unauthorized access via HP ProCurve Manager
Published: April 10, 2009
Source:
SecurityVulns ID: 9810
Type: remote
Severity: 5/10
Affected products: HP : ProCurve Manager 2.3
CVE: CVE-2007-4514
Original text: HP, [security bulletin] HPSBMA02420 SSRT071458 rev.1 - HP ProCurve Manager and HP ProCurve Manager Plus, Remote Unauthorized Access to Data (10.04.2009)

Multiple security vulnerabilities in IBM BladeCenter Advanced Management Module
Published: April 10, 2009
Source:
SecurityVulns ID: 9813
Type: remote
Severity: 5/10
Description: Cross-site scripting, information disclosure.
Affected products: IBM : BladeCenter E
 IBM : BladeCenter H
 IBM : BladeCenter HT
 IBM : BladeCenter S
 IBM : BladeCenter T
 IBM : BladeCenter JS12
 IBM : BladeCenter JS21
 IBM : BladeCenter JS22
 IBM : BladeCenter HC10
 IBM : BladeCenter HS12
 IBM : BladeCenter HS20
 IBM : BladeCenter HS21
 IBM : BladeCenter LS20
 IBM : BladeCenter LS21
 IBM : BladeCenter LS41
 IBM : BladeCenter QS21
 IBM : BladeCenter QS22
Original text: Henri Lindberg - Smilehouse Oy, IBM BladeCenter Advanced Management Module Multiple vulnerabilities (10.04.2009)

Buffer overflow in EMC RepliStor
Published: April 10, 2009
Source:
SecurityVulns ID: 9814
Type: remote
Severity: 6/10
Description: An integer overflow in system services leads to a buffer overflow.
Affected products: EMC : RepliStor 6.2
 EMC : RepliStor 6.3
CVE: CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow.)
Original text: FORTINET, FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability (10.04.2009)

Multiple security vulnerabilities in Cisco ASA Adaptive Security Appliance / Cisco PIX Security Appliance
Published: April 10, 2009
Source:
SecurityVulns ID: 9816
Type: remote
Severity: 6/10
Description: VPN authentication bypass, multiple DoS conditions.
Affected products: CISCO : PIX 7.0
 CISCO : PIX 7.1
 CISCO : PIX 7.2
 CISCO : PIX 8.0
 CISCO : Adaptive Security Appliance 7.0
 CISCO : Adaptive Security Appliance 7.1
 CISCO : Adaptive Security Appliance 7.2
 CISCO : Adaptive Security Appliance 8.0
CVE: CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)1, 7.1 before 7.1(2)74, 7.2 before 7.2(4)9, and 8.0 before 8.0(4)5 do not properly implement the implicit deny statement, which might allow remote attackers to successfully send packets that bypass intended access restrictions, aka Bug ID CSCsq91277.)
 CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.2 before 7.2(4)26, 8.0 before 8.0(4)22, and 8.1 before 8.1(2)12, when SQL*Net inspection is enabled, allows remote attackers to cause a denial of service (traceback and device reload) via a series of SQL*Net packets.)
 CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)26, 8.0 before 8.0(4)24, and 8.1 before 8.1(2)14, when H.323 inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted H.323 packet.)
 CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.0 before 7.0(8)6, 7.1 before 7.1(2)82, 7.2 before 7.2(4)30, 8.0 before 8.0(4)28, and 8.1 before 8.1(2)19 allows remote attackers to cause a denial of service (memory consumption or device reload) via a crafted TCP packet.)
 CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5500 Series devices 8.0 before 8.0(4)25 and 8.1 before 8.1(2)15, when an SSL VPN or ASDM access is configured, allows remote attackers to cause a denial of service (device reload) via a crafted (1) SSL or (2) HTTP packet.)
 CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 7.1(1) through 7.1(2)82, 7.2 before 7.2(4)27, 8.0 before 8.0(4)25, and 8.1 before 8.1(2)15, when AAA override-account-disable is entered in a general-attributes field, allow remote attackers to bypass authentication and establish a VPN session to an ASA device via unspecified vectors.)
Original text: CISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Adaptive Security Appliance and Cisco PIX Security Appliances (10.04.2009)

Multiple security vulnerabilities in tunapie
Published: April 10, 2009
Source:
SecurityVulns ID: 9817
Type: local
Severity: 5/10
Description: Shell metacharacter problem, symbolic link problem.
Affected products: TUNAPIE : Tunapie 2.1
CVE: CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a stream URL.)
 CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file.)
Original text: DEBIAN, [SECURITY] [DSA 1764-1] New tunapie packages fix several vulnerabilities (10.04.2009)

Buffer overflow in GOM Player
Published: April 10, 2009
Source:
SecurityVulns ID: 9818
Type: local
Severity: 4/10
Description: Buffer overflow when parsing .srt files
Affected products: GOMPLAYER : GOM Player 2.1
Original text: Security Vulnerability Research Team, [Bkis-06-2009] GOM Player Subtitle Buffer Overflow Vulnerability (10.04.2009)

Buffer overflow in Windows ZIP folders
updated since October 13, 2004
Published: April 10, 2009
Source:
SecurityVulns ID: 4087
Type: library
Severity: 5/10
Description: Integer overflow in the DynaZip library (DUNZIP32.DLL) on a long file name in an archive.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 IBM : Lotus Notes 6.5
 CHECKMARK : MultiLedger 6.0
 INNERMEDIA : DynaZip 3.0
 INNERMEDIA : DynaZip 4.0
 INNERMEDIA : DynaZip 5.0
 MCAFEE : VirusScan 10.0
 DTSEARCH : dtSearch 7.10
 HP : OpenView Performance Agent C.04.60
 HP : OpenView Performance Agent C.04.70
 HP : OpenView Performance Agent C.04.72
CVE: CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.)
Original text: HP, [security bulletin] HPSBMA02396 SSRT080175 rev.1 - HP OpenView Performance Agent and HP Performance Agent Running on Windows, Remote Execution of Arbitrary Code (10.04.2009)
 Juha-Matti Laurio, IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability (07.09.2006)
 Juha-Matti Laurio, McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability (30.03.2006)
 Juha-Matti Laurio, dtSearch DUNZIP32.dll Buffer Overflow Vulnerability (21.12.2005)
 SECURITEAM, [NT] CheckMark MultiLedger Buffer Overflow Vulnerability (DUNZIP32.dll) (31.10.2005)
 EEYE, [Full-Disclosure] EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability (13.10.2004)
 MICROSOFT, Microsoft Security Bulletin MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376) (13.10.2004)
Files: Microsoft Windows Vulnerability in Compressed (zipped) Folders (MS04-034) exploit
 Microsoft Security Bulletin MS04-034 Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)

Buffer overflow in Ghostscript / XPDF / CUPS pdftops
updated since April 10, 2009
Published: April 18, 2009
Source:
SecurityVulns ID: 9811
Type: remote
Severity: 6/10
Description: Buffer overflow when parsing JBIG2 encoding
Affected products: KDE : KDE 3.5
 CUPS : cups 1.3
 XPDF : xpdf 3.02
 GHOSTSCRIPT : Ghostscript 8.64
CVE: CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.)
 CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.)
 CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.)
 CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.)
 CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.)
 CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.)
 CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function (jbig2_symbol_dict.c) in the JBIG2 decoding library (jbig2dec) in Ghostscript 8.64, and probably earlier versions, allows remote attackers to execute arbitrary code via a PDF file with a JBIG2 symbol dictionary segment with a large run length value.)
 CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.)
 CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn.")
 CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.)
 CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.)
Original text: SECUNIA, Secunia Research: Xpdf JBIG2 Symbol Dictionary Buffer Overflow Vulnerability (18.04.2009)
 SECUNIA, Secunia Research: CUPS pdftops JBIG2 Symbol Dictionary Buffer Overflow (18.04.2009)
 SECUNIA, Secunia Research: Ghostscript jbig2dec JBIG2 Processing Buffer Overflow (10.04.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod