Information Security


DoS against Internet Explorer in Windows Mobile
Published: February 11, 2007
Source:
SecurityVulns ID: 7210
Type: client
Severity level: 4/10
Description: Denial of service when parsing WML. A hard reset of the device is required to restore functionality.
Affected products: MICROSOFT : Windows Mobile 5.0
CVE: CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows Mobile 5.0 allows remote attackers to cause a denial of service (loss of browser and other device functionality) via a malformed WML page, related to an "overflow state." NOTE: it is possible that this issue is related to CVE-2007-0685.)
Original text: clappymonkey_(at)_gmail.com, Denial Of Service in Internet Explorer for MS Windows Mobile 5.0 (11.02.2007)

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: February 11, 2007
Source:
SecurityVulns ID: 7209
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leakage, etc.
Affected products: OVIDENTIA : OVidentia 5.8
 ALLONSVOTER : Allons_voter 1.0
 NABOCORP : nabopoll 1.1
 QDIG : qdig 1.2
 DEVTRACK : DevTrack 6.0
 TWIKI : Twiki 4.0
 TWIKI : Twiki 4.1
CVE: CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.)
 CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter.)
 CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc.)
 CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image Gallery (Qdig) 1.2.9.3 and devel-20060624 allows remote attackers to inject arbitrary web script or HTML via the Qwd parameter to the top-level URI.)
 CVE-2007-0875 (** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.)
 CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) admin_ajouter.php or (2) admin_supprimer.php. NOTE: this could be leveraged to conduct cross-site scripting (XSS) attacks.)
 CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/.)
 CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.)
 CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote attackers to inject arbitrary web script or HTML via the "Keyword search" form field and unspecified other form fields that populate a public saved query. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local users to execute arbitrary Perl code via unknown vectors related to CGI session files.)
 CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a denial of service (application crash) via unspecified vectors.)
 CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly quote text in certain contexts, probably including construction of an unzip command line, which allows attackers to execute arbitrary commands via shell metacharacters.)
Original text: Andrea "bunker" Purificato, [XSS] Qdig - Quick Digital Image Gallery Version 1.2.9.3 and -devel (11.02.2007)
 sn0oPy.team_(at)_gmail.com, nabopoll 1.1.2 sensitive file (admin without password) (11.02.2007)
 sn0oPy.team_(at)_gmail.com, Allons_voter Version 1.0 xss and admin votes (11.02.2007)
 sn0oPy.team_(at)_gmail.com, mcRefer SQL injection (11.02.2007)
 bl4ck_(at)_bsdmail.org, XSS in Rainbow with Rainbow.Zen (11.02.2007)
 ali_(at)_hackerz.ir, local bug :[xxs] in whm (11.02.2007)
 gokhankaya_(at)_hotmail.com, Capital Request Forms Db Username and Password Vulnerabilities (11.02.2007)
 hamed.bazargani_(at)_gmail.com, eXtreme File Hosting remote file upload vulnerability (11.02.2007)
Files: OVidentia 5.x Series Remote File İnclude
 Exploits McRefer PHP inclusion

Multiple vulnerabilities in Trend Micro antivirus (multiple bugs)
updated since February 8, 2007
Published: February 11, 2007
Source:
SecurityVulns ID: 7200
Type: remote
Severity level: 5/10
Description: Buffer overflow when parsing UPX-packed PE files; privilege escalation through the \\.\TmComm device.
Affected products: TM : PC-Cillin Internet Security 2007
 TM : Trend Micro ServerProtect for Linux 2.5
 TM : Trend Micro AntiVirus 2007
 TM : Trend Micro Anti-Spyware for SMB 3.2
 TM : Trend Micro Anti-Spyware for Enterprise 3.0
 TM : Trend Micro Anti-Spyware for Consumer 3.5
CVE: CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context.)
 CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.)
Original text: Reversemode, [Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities. (11.02.2007)
 IDEFENSE, iDefense Security Advisory 02.07.07: Trend Micro TmComm Local Privilege Escalation Vulnerability (08.02.2007)

Buffer overflow in ImageMagick (buffer overflow)
updated since August 15, 2006
Published: February 11, 2007
Source:
SecurityVulns ID: 6494
Type: library
Severity level: 5/10
Description: Buffer overflow when parsing the SGI, PALM, and DCM image formats.
Affected products: IMAGEMAGICK : ImageMagick 6.2
 IMAGEMAGIC : ImageMagick 6.3
 GRAPHICSMAGIC : GraphicsMagick 1.1
CVE: CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.)
 CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.)
Original text: MANDRIVA, [ MDKSA-2007:041 ] - Updated ImageMagick packages fix buffer overflow vulnerability (11.02.2007)
 GENTOO, [ GLSA 200611-19 ] ImageMagick: PALM and DCM buffer overflows (25.11.2006)
 Damian Put, [Overflow.pl] ImageMagick ReadSGIImage() Heap Overflow (15.08.2006)
Files: Example crafted SGI file crash ImageMagick

Unauthorized access to Sun Solaris (unauthorized access)
updated since February 11, 2007
Published: March 1, 2007
Source:
SecurityVulns ID: 7211
Type: remote
Severity level: 10/10
Description: When the f flag is set in a telnet session, the user's password is not checked. On older systems, defining the TTYPROMPT variable allows access without authentication with the privileges of the bin group. The vulnerability is exploited by an Internet worm.
Affected products: SUN : Solaris 2.6
 ORACLE : Solaris 8
 SUN : Solaris 7
 ORACLE : Solaris 10
 ORACLE : Solaris 11
CVE: CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.)
Original text: CERT, US-CERT Technical Cyber Security Alert TA07-059A -- Sun Solaris Telnet Worm (01.03.2007)
 Thierry Zoller, Re[2]: Solaris telnet vulnberability - how many on your network? (22.02.2007)
 kingcope_(at)_gmx.net, [Full-disclosure] "0day was the case that they gave me" (11.02.2007)
Files: SunOS 5.10/5.11 in.telnetd Remote Exploit
 “0day was the case that they gave me” - SunOS 5.10/5.11 in.telnetd Remote Exploit by Kingcope

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod