Information Security

Buffer overflow in the Your Own Personal Server web server
Published: 11 September 2010
Source:
SecurityVulns ID: 11128
Type: remote
Severity: 5/10
Description: Buffer overflow while parsing request headers.
Affected products: YOPS : YOPS 2009-11-30
Original text: Rodrigo Escobar, [DCA-00015] YOPS Web Server Remote Command Execution (11.09.2010)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since 11 September 2010
Published: 12 September 2010
Source:
SecurityVulns ID: 11131
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: HORDE : Horde 3.3
 CUBECART : CubeCart 4.3
 TYPO3 : typo3 4.3
 JOOMLA : Aardvertiser 2.1
 ZENPHOTO : Zenphoto 1.3
 JOOMLA : Clantools 1.5
 CHILLIYCMS : chillyCMS 1.1
 SMBIND : smbind 0.4
 OPENCLASSIFIELDS : Open Classifieds 1.3
 NETARTMEDIA : Real Estate Portal 2.0
 NETARTMEDIA : iBoutique.MALL 1.2
 POWERSTORE : PowerStore 3
 IBPRO : IB Pro CMS 1.0
 IBPRO : IB Pro CMS 2.0
 MEMBERMANAGEMENT : Member Management System 4.0
Original text: r0t, Member Management System v 4.0 XSS vuln. (12.09.2010)
 MustLive, Vulnerabilities in IB Promotion Advanced Business Web Suite (12.09.2010)
 r0t, NetArtMEDIA Car Portal v2.0 XSS vuln. (12.09.2010)
 r0t, PowerStore™ 3 XSS vuln. (12.09.2010)
 r0t, iBoutique.MALL 1.2 XSS vuln. (12.09.2010)
 r0t, NetArtMEDIA Real Estate Portal v2.0 XSS vuln. + NetArtMEDIA lfi. (12.09.2010)
 r0t, Open Classifieds version 1.7.0.2 XSS Vuln. (12.09.2010)
 DEBIAN, [SECURITY] [DSA-2103-1] New smbind packages fix sql injection (12.09.2010)
 admin_(at)_bugreport.ir, chillyCMS Multiple Vulnerabilities (12.09.2010)
 sattler_(at)_solidmedia.de, Joomla Component Clantools version 1.2.3 Multiple Blind SQL Injection Vulnerabilities (12.09.2010)
 sattler_(at)_solidmedia.de, Joomla Component Clantools version 1.5 Blind SQL Injection Vulnerability (12.09.2010)
 Moritz Naumann, XSS in Horde Application Framework <=3.3.8, icon_browser.php (12.09.2010)
 Bogdan Calin, Security problems in Zenphoto version 1.3 (12.09.2010)
 DEBIAN, [SECURITY] [DSA 2098-2] New typo3-src packages fix regression (12.09.2010)
 sattler_(at)_solidmedia.de, Joomla Component Aardvertiser 2.1 free Blind SQL Injection Vulnerability (12.09.2010)
 Bogdan Calin, SQL Injection and XSS vulnerabilities in CubeCart version 4.3.3 (11.09.2010)

Privilege escalation via HP Data Protector Express
updated since 11 September 2010
Published: 17 September 2010
Source:
SecurityVulns ID: 11130
Type: remote
Severity: 5/10
Description: Buffer overflow in DtbClsLogin
Affected products: HP : HP Data Protector Express 3.5
 HP : HP Data Protector Express 4.0
CVE: CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 on Windows allows local users to gain privileges or cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3007.)
 CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data Protector Express Single Server Edition (SSE), 3.x before build 56936 and 4.x before build 56906 allows local users to gain privileges or cause a denial of service via unknown vectors.)
Original text: ZDI, ZDI-10-174: Hewlett-Packard Data Protector DtbClsLogin Utf8cpy Remote Code Execution Vulnerability (17.09.2010)
 HP, [security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local (11.09.2010)
 HP, [security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code (11.09.2010)

Multiple security vulnerabilities in the Linux kernel
updated since 11 September 2010
Published: 20 September 2010
Source:
SecurityVulns ID: 11129
Type: local
Severity: 6/10
Description: DoS conditions, privilege escalation in the CIFS client, privilege escalation via do_anonymous_page, information leak in XFS, privilege escalation in compat_alloc_user_space().
Affected products: LINUX : kernel 2.6
CVE: CVE-2010-3301 (The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.)
 CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.)
 CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in sound/core/seq/oss/seq_oss_init.c in the Linux kernel before 2.6.36-rc4 might allow local users to cause a denial of service or possibly have unspecified other impact via an unsuccessful attempt to open the /dev/sequencer device.)
 CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the Linux kernel before 2.6.36-rc4 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via an ioctl call.)
 CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation.)
 CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.)
 CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a "cache stuffing" issue and MS-DFS referrals.)
 CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors.)
 CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server.)
Original text: DEBIAN, [SECURITY] [DSA 2110-1] New Linux 2.6.26 packages fix several issues (20.09.2010)
 MANDRIVA, [ MDVSA-2010:172 ] kernel (11.09.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod