Information Security


Multiple vulnerabilities in HP Mercury Quality Center (multiple bugs)
updated since April 3, 2007
Published: April 13, 2007
Source:
SecurityVulns ID: 7524
Type: remote
Severity: 5/10
Description: Buffer overflow in an ActiveX control, SQL injection.
Affected products: HP : Mercury Quality Center 9.0
CVE:CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury Quality Center 9.0 build 9.1.0.4352 allows remote authenticated users to execute arbitrary SQL commands via the RunQuery method.)
 CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.)
Original text: HP, [security bulletin] HPSBGN02199 SSRT071312 rev.1 - Mercury Quality Center ActiveX, Remote Unauthorized Arbitrary Code Execution (13.04.2007)
 Isma Khan, [Full-disclosure] HP Mercury Quality Center Any SQL execution (03.04.2007)
 IDEFENSE, iDefense Security Advisory 04.02.07: Hewlett-Packard Mercury Quality Center ActiveX Control ProgColor Buffer Overflow Vulnerability (03.04.2007)
Files: POC exploit for Mercury Quality Center Spider90.ocx ProgColor Overflow
 HP Mercury Quality Center runQuery exploit

Weak cryptography in Steganos (weak cryptography)
Published: April 13, 2007
Source:
SecurityVulns ID: 7572
Type: local
Severity: 5/10
Description: The encryption key is stored together with the data.
Affected products: STEGANOS : Steganos Safe 8
Original text: frankrizzo604_(at)_gmail.com, Steganos Encrypted Safe NOT so safe (13.04.2007)

Buffer overflow in pfs_mountd.rpc on HP-UX (buffer overflow)
Published: April 13, 2007
Source:
SecurityVulns ID: 7573
Type: remote
Severity: 6/10
Description: Buffer overflow when parsing UDP datagrams.
Affected products: HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.23
CVE:CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2.")
Original text: HP, [security bulletin] HPSBUX02203 SSRT071339 rev.1 - HP-UX Running Portable File System (PFS), Remote Increase in Privilege (13.04.2007)
 IDEFENSE, iDefense Security Advisory 04.12.07: Hewlett Packard HP-UX Remote pfs_mountd.rpc Buffer Overflow Vulnerability (13.04.2007)

Multiple buffer overflows in eIQnetworks Enterprise Security Analyzer (buffer overflow)
Published: April 13, 2007
Source:
SecurityVulns ID: 7574
Type: remote
Severity: 5/10
Description: Multiple buffer overflows when parsing TCP/10616 traffic.
Affected products: EIQNETWORKS : Enterprise Security Analyzer 2.5
CVE:CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.)
Original text: infocus, INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows (13.04.2007)

Multiple vulnerabilities in Cisco Wireless Control System (multiple bugs)
Published: April 13, 2007
Source:
SecurityVulns ID: 7575
Type: remote
Severity: 6/10
Description: Unchangeable FTP access account, privilege escalation through group membership, information leak.
Affected products: CISCO : Cisco Wireless Control System 4.0
CVE:CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain network organization data via a direct request for files in certain directories, aka Bug ID CSCsg04301.)
 CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.)
 CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.81.0 allows remote authenticated users to read any configuration page by changing the group membership of user accounts, aka Bug ID CSCse78596.)
 CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded FTP username and password for backup operations, which allows remote attackers to read and modify arbitrary files via unspecified vectors related to "properties of the FTP server," aka Bug ID CSCse93014.)
Original text: CISCO, Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless Control System (13.04.2007)

Multiple vulnerabilities in Cisco Wireless LAN Controller (multiple bugs)
updated since April 13, 2007
Published: April 13, 2007
Source:
SecurityVulns ID: 7576
Type: remote
Severity: 5/10
Description: Default SNMP community, denial of service when parsing an Ethernet frame, multiple DoS conditions in the NPU, access control lists are not saved, default passwords.
Affected products: CISCO : Cisco Catalyst 6500
 CISCO : Cisco 4400
 CISCO : Cisco 2100
 CISCO : Cisco Catalyst 3750
 CISCO : Cisco Aironet 1000
 CISCO : Cisco Aironet 1500
CVE:CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ACL configuration with an invalid checksum, which prevents WLAN ACLs from being loaded at boot time, and might allow remote attackers to bypass intended access restrictions, aka Bug ID CSCse58195.)
 CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points before 3.2.185.0, and 4.0.x before 4.0.206.0, have a hard-coded password, which allows attackers with physical access to perform arbitrary actions on the device, aka Bug ID CSCsg15192.)
 CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.171.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug IDs CSCsg15901 and CSCsh10841.)
 CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller (WLC) before 3.2.193.5, 4.0.x before 4.0.206.0, and 4.1.x allows remote attackers on a local wireless network to cause a denial of service (loss of packet forwarding) via (1) crafted SNAP packets, (2) malformed 802.11 traffic, or (3) packets with certain header length values, aka Bug ID CSCsg36361.)
 CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x before 4.0.155.0, allows remote attackers on a local network to cause a denial of service (device crash) via malformed Ethernet traffic.)
 CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384.)
Original text: CISCO, Cisco Security Advisory: Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points (13.04.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: April 13, 2007
Source:
SecurityVulns ID: 7577
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: CHATNESS : Chatness 2.5
 DOTCLEAR : Dotclear 1.2
 OPENADS : Openads 2.0
 OPENADS : Max Media Manager 0.1
 OPENADS : Max Media Manager 0.3
 MEPHISTO : mephisto 0.7
 TUMUSIKA : TuMusika Evolution 1.6
 PHPWEBNEWS : phpwebnews 1
 FAC : FAC GuestBook 2.0
 OPENADS : Max Media Manager 0.2
 AFTERLOGIC : MailBee WebMail Pro 3.4
 PHPNUKE : Virtual War 1.5 module for PHP-Nuke
CVE:CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.)
 CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search script.)
Original text: Janek Vind, [waraxe-2007-SA#048] - Multiple vulnerabilities in Virtual War 1.5 module for PhpNuke (13.04.2007)
 Aesthetico, [MajorSecurity Advisory #44]MailBee WebMail Pro - Cross Site Scripting Issue (13.04.2007)
 nssimo nssimo, [Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability (13.04.2007)
 Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-003] Openads 2.0.11 vulnerability fixed (13.04.2007)
 Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-004] Max Media Manager v0.1.29-rc and v0.3.31-alpha-pr2 vulnerability fixed (13.04.2007)
 the_3dit0r_(at)_yahoo.com, FAC GuestBook v2.0 remote database disclosure vulnerability (13.04.2007)
 the_3dit0r_(at)_yahoo.com, phpwebnews v.1 Multiple Cross Site Scripting Vulnerabilites (13.04.2007)
 the_3dit0r_(at)_yahoo.com, TuMusika Evolution 1.6 Cross Site Scripting Vulnerabilitiy (13.04.2007)
 Hanno Bock, Cross site scripting in mephisto 0.7.3 (13.04.2007)
Files: Exploits Chatness <= 2.5.3 - Arbitrary Code Execution

Buffer overflow in Airodump-ng (buffer overflow)
Published: April 13, 2007
Source:
SecurityVulns ID: 7578
Type: remote
Severity: 5/10
Description: Buffer overflow when parsing an 802.11 authentication packet.
Affected products: AIRODUMPNG : airodump-ng 0.7
CVE:CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.)
Original text: jonny_(at)_nop-art.net, Aircrack-ng (airodump-ng) remote buffer overflow vulnerability (13.04.2007)
Files: aircrack/airodump-ng (0.7) remote exploit

Multiple vulnerabilities in the ClamAV antivirus (multiple bugs)
updated since April 13, 2007
Published: April 16, 2007
Source:
SecurityVulns ID: 7580
Type: remote
Severity: 6/10
Description: Buffer overflow when parsing CAB files. Denial of service when parsing CHM. File descriptor leak when parsing PDF.
Affected products: CLAMAV : ClamAV 0.90
CVE:CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.)
 CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.)
 CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.)
Original text: IDEFENSE, [Full-disclosure] iDefense Security Advisory 04.16.07: ClamAV CAB File Unstore Buffer Overflow Vulnerability (16.04.2007)
 SECUNIA, [SA24891] Clam AntiVirus Two Vulnerabilities (13.04.2007)

0-day buffer overflow in the Microsoft Windows DNS server (buffer overflow)
updated since April 13, 2007
Published: May 8, 2007
Source:
SecurityVulns ID: 7579
Type: remote
Severity: 8/10
Description: A buffer overflow in the RPC interface is being used for remote compromise of systems.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
CVE:CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.)
Original text: MICROSOFT, Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966) (08.05.2007)
 Andres Tarasco, [Full-disclosure] Microsoft DNS Server Remote Code execution Exploit and analysis (16.04.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-103A -- Microsoft Windows DNS RPC Buffer Overflow (14.04.2007)
 MICROSOFT, Microsoft Security Advisory (935964) Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution (13.04.2007)
Files: Microsoft DNS Server Remote Code execution Exploit
 Microsoft Security Bulletin MS07-029 Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod