Information Security

DoS via Data-link Switching in Cisco IOS
Published: January 11, 2007
SecurityVulns ID: 7036
Type: remote
Severity: 5/10
Description: Denial of service when parsing an invalid DLSw message.
Affected products: CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
CVE: CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via "an invalid value in a DLSw message... during the capabilities exchange.")
Original text: CISCO, Cisco Security Advisory: DLSw Vulnerability (11.01.2007)

DoS against the EIQ Networks Network Security Analyzer network scanner
Published: January 11, 2007
SecurityVulns ID: 7038
Type: remote
Severity: 5/10
Description: Denial of service on receiving a certain command on port TCP/10618.
Affected products: EIQNETWORKS : eIQnetworks Enterprise Security Analyzer 2.5
CVE: CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer allows remote attackers to cause a denial of service (service crash) via a (1) &CONNECTSERVER& (2) &ADDENTRY& (3) &FIN& (4) &START& (5) &LOGPATH& (6) &FWADELTA& (7) &FWALOG& (8) &SETSYNCHRONOUS& (9) &SETPRGFILE&, or (10) &SETREPLYPORT& string to TCP port 10618, which triggers a NULL pointer dereference.)
Original text: Ethan Hunt, [Full-disclosure] EIQ Networks Network Security Analyzer DoS Vulnerability (11.01.2007)
Files: Exploits EIQ Networks Network Security Analyzer DoS

Invalid pointer dereference when parsing WMF in Microsoft Windows
Published: January 11, 2007
SecurityVulns ID: 7039
Type: client
Severity: 5/10
Description: Invalid pointer dereference in GDI in the CreateBrushIndirect function.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original text: Alexander Sotirov, WMF CreateBrushIndirect vulnerability (DoS) (11.01.2007)
Files: WMF 0-day Dos Exploit

Buffer overflow in TIS Internet Firewall Toolkit
Published: January 11, 2007
SecurityVulns ID: 7041
Type: remote
Severity: 7/10
Description: Buffer overflow on a long user name in the FTP proxy.
CVE: CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).)

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: January 11, 2007
SecurityVulns ID: 7037
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: PHPBB : phpBB 2.0
 JSHOP : Jshop Server 1.3
 WORDPRESS : WordPress 2.0
 PHPMYADMIN : phpmyadmin 2.9
 SAZCART : SazCart 1.5
 CSCART : CS-Cart 1.3
 MOTIONBORG : MOTIONBORG Web Real Estate 2.1
 UNIFORUM : uniForum 4
 AXIOM : Axiom 0.8
 MEDIAWIKI : MediaWiki 1.6
 MEDIAWIKI : MediaWiki 1.7
 MEDIAWIKI : MediaWiki 1.8
CVE: CVE-2007-0232 (PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the jssShopFileSystem parameter.)
 CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to execute arbitrary PHP code via a URL in the install_dir parameter. NOTE: CVE and third parties dispute this vulnerability because install_dir is defined before use.)
 CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).)
 CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information,)
 CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.)
 CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Gallery (axiompng) 0.8.6 allows remote attackers to execute arbitrary PHP code via a URL in the baseAxiomPath parameter.)
 CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.)
 CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.)
 CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive information via a direct request for themes/darkblue_orange/layout.inc.php, which reveals the path in an error message.)
Original text: info_(at)_burnhead.it, phpBB (privmsg.php) XSS Exploit (11.01.2007)
 irvian_(at)_presiden.com, Jshop Server 1.3 (11.01.2007)
 ajannhwt_(at)_hotmail.com, uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability (11.01.2007)
 ajannhwt_(at)_hotmail.com, MOTIONBORG Web Real Estate <= v2.1 Remote SQL Injection Vulnerability (11.01.2007)
 irvian, shop Server 1.3 (fieldValidation.php) Remote File Include Vulnerability (11.01.2007)
 IbnuSina, sazcart v1.5 (cart.php) Remote File include (11.01.2007)
 ahmed_labib_hilmy_(at)_yahoo.com, CS-Cart 1.3.3 (install.php) Remote File Include Vulnerability (11.01.2007)
Files: Exploits Axiom 0.8.6 photo gallery (template.php) Remote File Include Vulnerability
 Wordpress <= 2.0.6 wp-trackback.php Zend_Hash_Del_Key_Or_Index sql injection admin hash disclosure exploit

Multiple vulnerabilities in Microsoft Outlook (multiple bugs)
Updated since January 9, 2007
Published: January 11, 2007
SecurityVulns ID: 7030
Type: client
Severity: 6/10
Description: Buffer overflows when parsing .iCal and .oss files. DoS.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
CVE: CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability.")
 CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.)
 CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.)
Original text: Computer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Computer Terrorism (UK) :: Incident Response Centre - Microsoft Outlook Vulnerability (11.01.2007)
 MICROSOFT, Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938) (09.01.2007)
Files: Microsoft Security Bulletin MS07-003 Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)

Protection bypass in Steganography / Camouflage
Updated since January 9, 2007
Published: January 11, 2007
SecurityVulns ID: 7019
Type: m-i-t-m
Severity: 5/10
Description: A file carrying hidden information has an obvious signature, and the password protection against decryption is implemented at the interface level.
Affected products: SECUREKIT : Steganography 1.8
 SECUREKIT : Steganography 1.7
 TWISTEDPEAR : Camouflage 1.2
CVE: CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing certain bytes of the JPEG image with alternate password information.)
 CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in the carrier file, which allows remote attackers to bypass authentication requirements and decrypt embedded steganography by replacing the last 20 bytes of the JPEG image with alternate password information.)
Original text: thesinoda_(at)_hotmail.com, A Major design Bug in Camouflage 1.2.1 (latest) (11.01.2007)
 thesinoda_(at)_hotmail.com, A Major design Bug in Steganography 1.7.x, 1.8 (latest) (Updated Version) (11.01.2007)
 thesinoda_(at)_hotmail.com, Cracking Steganography Application in less than ONE minute (09.01.2007)

Multiple bugs when parsing disk images in Mac OS X / Apple Finder
Updated since January 11, 2007
Published: January 16, 2007
SecurityVulns ID: 7040
Type: local
Severity: 6/10
Description: Buffer overflow on a long DMG volume label in Apple Finder. Integer overflows when parsing a DMG volume in UFS. DoS via UFS and HFS+ volumes.
Affected products: APPLE : Mac OS X 10.4
 FREEBSD : FreeBSD 6.1
CVE: CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an invalid vnode structure during file removal.)
 CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in bsd/ufs/ufs/ufs_byte_order.c in Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service (kernel panic) by mounting a crafted Unix File System (UFS) DMG image, which triggers an invalid pointer dereference.)
 CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels allows local users to cause a denial of service (kernel panic) and possibly corrupt other filesystems by mounting a crafted UNIX File System (UFS) DMG image that contains a corrupted directory entry (struct direct), related to the ufs_dirbad function. NOTE: a third party states that the FreeBSD issue does not cross privilege boundaries.)
 CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly gain privileges via a crafted DMG image that causes "allocation of a negative size buffer" leading to a heap-based buffer overflow, a related issue to CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.)
 CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.)
Original text: MOAB, MOAB-13-01-2007: Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability (16.01.2007)
 MOAB, MOAB-12-01-2007: Apple DMG UFS ufs_lookup() Denial of Service Vulnerability (16.01.2007)
 MOAB, MOAB-11-01-2007: Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability (16.01.2007)
 MOAB, MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability (16.01.2007)
 Kevin Finisterre, DMA[2007-0109a] - 'Apple Finder Disk Image Volume Label Overflow / DoS' (11.01.2007)
Files: Exploits Apple DMG UFS ufs_lookup() Denial of Service Vulnerability
 Exploits Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
 Exploits Apple DMG UFS byte_swap_sbin() Integer Overflow Vulnerability
 Exploits Apple DMG HFS+ do_hfs_truncate() Denial of Service Vulnerability
 Exploits Apple Finder DMG Volume Name Memory Corruption

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod