Information Security

Code execution via the CUPS printing subsystem in Apple Mac OS X
Published: October 12, 2008
Source:
SecurityVulns ID: 9351
Type: remote
Severity: 6/10
Description: Buffer overflow in the HP-GL/2 filter
Affected products: APPLE : MacOS X 10.4
CVE: CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.)
Original text: ZDI, ZDI-08-067: Apple CUPS 1.3.7 (HP-GL/2 filter) Remote Code Execution Vulnerability (12.10.2008)

Information disclosure in Apache Tomcat
Published: October 12, 2008
Source:
SecurityVulns ID: 9350
Type: remote
Severity: 5/10
Description: Race conditions allow IP address restrictions to be bypassed.
Affected products: APACHE : Tomcat 4.1
 APACHE : Tomcat 5.5
CVE: CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers to bypass an IP address restriction and obtain sensitive information via a request that is processed concurrently with another request but in a different thread, leading to an instance-variable overwrite associated with a "synchronization problem" and lack of thread safety, and related to RemoteFilterValve, RemoteAddrValve, and RemoteHostValve.)
Original text: APACHE, [SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure (12.10.2008)

Multiple security vulnerabilities in CA ARCserve Backup
Updated since October 12, 2008
Published: October 15, 2008
Source:
SecurityVulns ID: 9352
Type: remote
Severity: 7/10
Description: Code execution, multiple DoS conditions.
Affected products: CA : CA Server Protection Suite 2
 CA : CA Business Protection Suite 2
 CA : ARCserve Backup 11.1
 CA : ARCserve Backup 11.5
 CA : ARCserve Backup 12.0
CVE: CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash of multiple services) via crafted authentication credentials, related to "insufficient validation.")
 CVE-2008-4399 (Unspecified vulnerability in the database engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request, related to "insufficient validation.")
 CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to cause a denial of service (crash) via a crafted request.)
 CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A.)
Original text: VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup DB Engine Denial of Service (15.10.2008)
 VR-Subscription-noreply_(at)_assurent.com, [Full-disclosure] Assurent VR - CA ARCserve Backup Tape Engine Denial of Service (15.10.2008)
 cocoruder, CA BrightStor ARCServe BackUp Message Engine Remote Command Injection Vulnerability (14.10.2008)
 CA, CA ARCserve Backup Multiple Vulnerabilities (12.10.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod