Information Security


DoS against MySQL
Published: May 11, 2010
SecurityVulns ID: 10818
Type: local
Severity level: 4/10
Description: A local user can execute the UNINSTALL PLUGIN command.
Affected products: ORACLE : MySQL 5.1
Original text: MANDRIVA, [ MDVSA-2010:093 ] mysql (11.05.2010)

DoS against the Linux kernel
Published: May 11, 2010
SecurityVulns ID: 10819
Type: local
Severity level: 5/10
Description: Denial of service in the nfs_wait_on_request and sg_build_indirect functions.
CVE:CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.)
 CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.)
Original text: RPATH, rPSA-2010-0037-1 kernel (11.05.2010)

Multiple security vulnerabilities in PHP
Published: May 11, 2010
SecurityVulns ID: 10820
Type: library
Severity level: 7/10
Description: Multiple information leaks, uninitialized memory access, double free, integer overflows.
Affected products: PHP : PHP 5.2
 PHP : PHP 5.3
CVE:CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2) phar_wrapper_unlink, (3) phar_parse_url, or (4) phar_wrapper_open_url functions in ext/phar/stream.c; and the (5) phar_wrapper_open_dir function in ext/phar/dirstream.c, which triggers errors in the php_stream_wrapper_log_error function.)
 CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.)
 CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to execute arbitrary code by calling these functions with an empty SQL query, which triggers access of uninitialized memory.)
 CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.)
 CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.)
 CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.)
 CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary memory addresses by using an object's __sleep function to interrupt an internal call to the shm_put_var function, which triggers access of a freed resource.)
 CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal call, related to the call time pass by reference feature.)
Original text: PHP-SECURITY, MOPS-2010-001: PHP hash_update_file() Already Freed Resource Access Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-003: PHP dechunk Filter Signed Comparison Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-006: PHP addcslashes() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-008: PHP chunk_split() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-009: PHP shm_put_var() Already Freed Resource Access Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-010: PHP html_entity_decode() Interruption Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-012: PHP sqlite_single_query() Uninitialized Memory Usage Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-013: PHP sqlite_array_query() Uninitialized Memory Usage Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-014: PHP ZEND_BW_XOR Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-015: PHP ZEND_SL Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-016: PHP ZEND_SR Opcode Interruption Address Information Leak Vulnerability (11.05.2010)
 PHP-SECURITY, preg_quote() Interruption Information Leak Vulnerability (11.05.2010)
 Stefan Esser, Month of PHP Security - Summary - 1st May - 10th May (11.05.2010)

Integer overflow in Microsoft Windows Mail / Outlook Express
Published: May 11, 2010
SecurityVulns ID: 10821
Type: client
Severity level: 5/10
Description: Integer overflow when parsing a POP3 or IMAP server response.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlook Express and Windows Mail Integer Overflow Vulnerability.")
Original text: Francis Provencher, {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow (11.05.2010)
 Francis Provencher, {PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow (11.05.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-030 - Critical Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542) (11.05.2010)
Files: Microsoft Security Bulletin MS10-030 - Critical Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)

Buffer overflow in Microsoft VBA
Published: May 11, 2010
SecurityVulns ID: 10822
Type: library
Severity level: 8/10
Description: Buffer overflow when searching for ActiveX controls while parsing Microsoft Office files.
Affected products: MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
CVE:CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213) (11.05.2010)
Files: Microsoft Security Bulletin MS10-031 - Critical Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (978213)

Integer overflow in MPlayer
Published: May 11, 2010
SecurityVulns ID: 10823
Type: client
Severity level: 5/10
Description: Integer overflow when playing RDT streams.
Affected products: MPLAYER : MPlayer 1.0
Original text: DEBIAN, [SECURITY] [DSA 2044-1] New mplayer packages fix arbitrary code execution (11.05.2010)

Memory corruption in dvipng / TeX Live
Published: May 11, 2010
SecurityVulns ID: 10824
Type: local
Severity level: 4/10
Description: Memory corruption when parsing DVI files.
Affected products: DVIPNG : dvipng 1.12
CVE:CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.)
 CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file.)
 CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file.)
 CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
Original text: UBUNTU, [USN-937-1] TeX Live vulnerabilities (11.05.2010)
 UBUNTU, [USN-936-1] dvipng vulnerability (11.05.2010)

Buffer overflow in the PCRE library
Published: May 11, 2010
SecurityVulns ID: 10825
Type: library
Severity level: 6/10
Description: Buffer overflow when compiling regular expressions.
Affected products: PCRE : PCRE 8.01
Original text: Michael Santos, PCRE compile workspace overflow (11.05.2010)

Resource exhaustion in fetchmail
Published: May 11, 2010
SecurityVulns ID: 10826
Type: client
Severity level: 4/10
Description: Memory exhaustion when printing diagnostic messages.
Affected products: FETCHMAIL : fetchmail 6.3
CVE:CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.)
Original text: Matthias Andree, fetchmail security announcement fetchmail-SA-2010-02 (CVE-2010-1167) (11.05.2010)

Summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
updated since May 11, 2010
Published: May 13, 2010
SecurityVulns ID: 10817
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: CACTI : cacti 0.8
 CLANTIGER : ClanTiger 1.1
 FAMILICMS : Family Connections 2.2
 ADVANCEDPOLL : Advanced Poll 2.08
 ORANGEHRM : OrangeHRM 2.5
 CMSMADESIMPLE : CMS Made Simple 1.7
 JAWS : jaws 0.8
 ECSHOP : ECShop 2.7
 SOURCEFABRIC : Campsite 3.3
 CLANSPHERE : ClanSphere 2009.0
 DELUXEBB : DeluxeBB 1.3
 EFRONTLEARNING : Efront 3.6
 S9Y : Serendipity 1.5
 XINHA : Xinha 0.96
 REZERVI : REZERVI 3.0
CVE:CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.)
 CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.)
 CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.)
Original text: MustLive, Vulnerability in tagcloud for Kasseler CMS (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities (CVE-2010-1284) (13.05.2010)
 VUPEN Security Research, VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129) (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability (13.05.2010)
 SECUNIA, Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability (13.05.2010)
 eidelweiss, 29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability (11.05.2010)
 High-Tech Bridge Security Research, XSS in Saurus CMS (11.05.2010)
 High-Tech Bridge Security Research, XSS in DynamiXgate Affiliate Store Builder (11.05.2010)
 MustLive, Vulnerability in widget Cumulus for BlogEngine.NET (11.05.2010)
 MANDRIVA, [ MDVSA-2010:092 ] cacti (11.05.2010)
 eidelweiss, REZERVI (root) Remote Command Execution Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, ClanTiger Shoutbox Module s_email SQL Injection vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability (11.05.2010)
 PHP-SECURITY, MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability (11.05.2010)
 Stefan Esser, Month of PHP Security - Summary - 1st May - 10th May (11.05.2010)
 vulns_(at)_wintercore.com, [Wintercore Research] Consona Products - Multiple vulnerabilities (11.05.2010)
 lis cker, Injection of ECShop apps. (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Jaws (11.05.2010)
 Hanno Bock, pmwiki: persistent cross site scripting (XSS), CVE-2010-1481 (11.05.2010)
 Hanno Bock, CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482 (11.05.2010)
 Zakar Miklós, SA00001-2010 (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in EasyPublish CMS (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Advanced Poll (11.05.2010)
 High-Tech Bridge Security Research, XSS vulnerability in EasyPublish CMS (11.05.2010)
 BUGTRAQ, XSS vulnerability in Advanced Poll (11.05.2010)
 Salvatore "drosophila" Fresta, Family Connections 2.2.3 Multiple Remote Vulnerabilities (11.05.2010)
 md.r00t.defacer_(at)_gmail.com, Turnkey Innovations SQL Injection Vulnerability (11.05.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod