Information Security


Unauthorized access via CA ARCserve D2D
updated since 26 July 2011
Published: 12 August 2011
Source:
SecurityVulns ID: 11817
Type: remote
Severity: 6/10
Description: Information leak and code execution when processing an HTTP RPC request on port TCP/8014.
Affected products: CA : ARCserve D2D 15
Original text: CA, CA20110809-01: Security Notice for CA ARCserve D2D (12.08.2011)
 CA, Re: CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials (10.08.2011)
 rgod, CA ARCserve D2D r15 GWT RPC Request Auth Bypass / Credentials Disclosure and Commands Execution (26.07.2011)

DoS against Adobe Flash Media Server
Published: 12 August 2011
Source:
SecurityVulns ID: 11850
Type: remote
Severity: 5/10
Description: Memory corruption.
Affected products: ADOBE : Flash Media Server 4.0
 ADOBE : Flash Media Server 3.5
CVE: CVE-2011-2132 (Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, allows attackers to cause a denial of service (memory corruption) via unspecified vectors.)
Files: Security update available for Adobe Flash Media Server

Memory corruption in Adobe Photoshop
Published: 12 August 2011
Source:
SecurityVulns ID: 11852
Type: local
Severity: 4/10
Description: Memory corruption when parsing GIF
Affected products: ADOBE : Photoshop CS5
 ADOBE : Photoshop CS5.1
CVE: CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative Suite 5.1 (CS5.1) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GIF file.)
Files: Security update available for Adobe Photoshop CS5

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 12 August 2011
Source:
SecurityVulns ID: 11853
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: SQUIRRELMAIL : squirrelmail 1.4
 ADOBE : RoboHelp 9.0
 ADOBE : RoboHelp Server 9
 MAMBO : Mambo CMS 4.6
 TYPO3 : typo3 4.5
CVE: CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.)
 CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.)
 CVE-2011-2133 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 before 9.0.1.262, and RoboHelp Server 8 and 9, allows remote attackers to inject arbitrary web script or HTML via the URI, related to template_stock/whutils.js.)
 CVE-2011-2023 (Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.)
 CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.)
 CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not prevent page rendering inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.)
Original text: DEBIAN, [SECURITY] [DSA 2289-1] typo3-src security update (12.08.2011)
 ists_(at)_yehg.net, Mambo CMS 4.6.x (4.6.5) | SQL Injection (12.08.2011)
Files: Security updates available for RoboHelp

Buffer overflow in libavcodec / FFmpeg / MPlayer
Published: 12 August 2011
Source:
SecurityVulns ID: 11855
Type: library
Severity: 5/10
Description: Buffer overflow when parsing the CAVS format.
Affected products: MPLAYER : MPlayer 1.0
 LIBAVCODEC : libavcodec 0.7
 FFMPEG : FFmpeg 0.7
CVE: CVE-2011-3362 (Integer signedness error in the decode_residual_block function in cavsdec.c in libavcodec in FFmpeg before 0.7.3 and 0.8.x before 0.8.2, and libav through 0.7.1, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Chinese AVS video (aka CAVS) file.)
Original text: Daniele Bianco, [oCERT-2011-002] libavcodec insufficient boundary check (12.08.2011)

Cross-site scripting in HP Palm WebOS
Published: 12 August 2011
Source:
SecurityVulns ID: 11856
Type: client
Severity: 5/10
Description: Cross-site scripting in the Contacts and Calendar applications.
Affected products: HP : webOS 3.0
CVE: CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts application in HP Palm webOS 3.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: HP, [security bulletin] HPSBGN02696 SSRT100590 rev.1 - HP webOS Calendar Application, Remote Execution of Arbitrary Code (12.08.2011)
 HP, [security bulletin] HPSBGN02694 SSRT100586 rev.1 - HP webOS Contacts Application, Remote Execution of Arbitrary Code (12.08.2011)

Unauthorized access to HP ProLiant SL Advanced Power Manager
Published: 12 August 2011
Source:
SecurityVulns ID: 11857
Type: remote
Severity: 5/10
Affected products: HP : SL-APM 1.11
CVE: CVE-2011-2405 (The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware before 1.20 does not properly validate users, which allows remote attackers to cause a denial of service via unspecified vectors.)
Original text: HP, [security bulletin] HPSBHF02699 SSRT100592 rev.1 - HP ProLiant SL Advanced Power Manager (SL-APM), Remote User Validation Failure (12.08.2011)

Multiple security vulnerabilities in Adobe Shockwave Player
updated since 12 August 2011
Published: 17 August 2011
Source:
SecurityVulns ID: 11849
Type: remote
Severity: 7/10
Description: Multiple memory corruptions.
Affected products: ADOBE : Shockwave Player 11.6
CVE: CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir media file.)
 CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4308.)
 CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309.)
Original text: VUPEN Security Research, VUPEN Security Research - Adobe Shockwave rcsL Record Array Indexing Vulnerability (APSB11-19) (17.08.2011)
Files: Security update available for Adobe Shockwave Player

Multiple security vulnerabilities in Adobe Flash Player
updated since 12 August 2011
Published: 27 August 2011
Source:
SecurityVulns ID: 11851
Type: client
Severity: 8/10
Description: Memory corruptions, buffer overflows, integer overflows, cross-site scripting.
Affected products: ADOBE : Flash Player 10.3
 ADOBE : AIR 2.7
CVE: CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.)
 CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2425.)
 CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.)
 CVE-2011-2415 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2414.)
 CVE-2011-2414 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2137, and CVE-2011-2415.)
 CVE-2011-2140 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2417, and CVE-2011-2425.)
 CVE-2011-2139 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.)
 CVE-2011-2138 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2416.)
 CVE-2011-2137 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.)
 CVE-2011-2136 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2138 and CVE-2011-2416.)
 CVE-2011-2135 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2140, CVE-2011-2417, and CVE-2011-2425.)
 CVE-2011-2134 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.)
 CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2134, CVE-2011-2137, CVE-2011-2414, and CVE-2011-2415.)
Original text: ZDI, ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability (27.08.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21) (17.08.2011)
 ZDI, ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability (17.08.2011)
 IDEFENSE, iDefense Security Advisory 08.09.11: Adobe Flash Player ActionScript Display Memory Corruption Vulnerability (12.08.2011)
 IDEFENSE, iDefense Security Advisory 08.09.11: Adobe Flash Player Integer Overflow (12.08.2011)
Files: Security update available for Adobe Flash Player

Unauthorized access via the HP Easy Printer Care Software ActiveX control
updated since 12 August 2011
Published: 16 January 2012
Source:
SecurityVulns ID: 11854
Type: client
Severity: 6/10
Description: File write access is possible.
CVE: CVE-2011-4787 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4786.)
 CVE-2011-4786 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787.)
 CVE-2011-2404 (The HPTicketMgr.dll ActiveX control in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors.)
Original text: ZDI, ZDI-12-013 : HP Easy Printer Care XMLCacheMgr Class ActiveX Control Remote Code Execution Vulnerability (16.01.2012)
 ZDI, ZDI-12-014 : HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability (16.01.2012)
 ZDI, ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability (17.08.2011)
 HP, [security bulletin] HPSBPI02698 SSRT100404 rev.1 - HP Easy Printer Care Software Running on Windows, Remote Execution of Arbitrary Code (12.08.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod