Информационная безопасность
[RU] switch to English


Выполнение кода в HP Performance Center Agent / HP Load Runner Agent
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10830
Тип:удаленная
Уровень опасности:
5/10
Описание:Выполнение кода через службу TCP/54345.
CVE:CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMA02201 SSRT071328 rev.1 - HP LoadRunner Agent on Windows, Remote Unauthenticated Arbitrary Code Execution (13.05.2010)
 documentZDI, ZDI-10-080: HP Mercury LoadRunner Agent Trusted Input Remote Code Execution Vulnerability (13.05.2010)
 documentHP, [security bulletin] HPSBMA02528 SSRT100106 rev.1 - HP Performance Center Agent on Windows, Remote Unauthenticated Arbitrary Code Execution (13.05.2010)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10831
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:PALOALTO : Palo Alto Network 3.1
 POLYPAGER : PolyPager 1.0
 TOMATOCMS : TomatoCMS 2.0
 NPDS : REvolution 10.02
 JOOMLA : com_aardvertiser 2.0
Оригинальный текстdocumenteidelweiss, Joomla Component advertising (com_aardvertiser) File Inclusion Vulnerability (13.05.2010)
 documentHigh-Tech Bridge Security Research, Blind SQL injection vulnerability in NPDS REvolution (13.05.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in NPDS (13.05.2010)
 documentSECUNIA, Secunia Research: TomatoCMS "q" SQL Injection Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: TomatoCMS Script Insertion Vulnerabilities (13.05.2010)
 documentJeromie Jackson, PolyPager 1.0rc10 (fckeditor) File Upload Security Issue (13.05.2010)
 documentJeromie Jackson, Palo Alto Network Vulnerability - Cross-Site Scripting (XSS) (13.05.2010)

Многочисленные уязвимости в Cisco PGW Softswitch
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10833
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные DoS-условия.
Затронутые продукты:CISCO : Cisco PGW 2200
CVE:CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.8(1)S5 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsz13590.)
 CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (TCP socket exhaustion) via unknown vectors, aka Bug ID CSCsk13561.)
 CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588.)
 CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed Contact header, aka Bug ID CSCsj98521.)
 CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S11 and 9.7(3)P before 9.7(3)P11 allows remote attackers to cause a denial of service (device crash) via a long message, aka Bug ID CSCsk44115.)
 CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via unknown SIP traffic, as demonstrated by "SIP testing," aka Bug ID CSCsk38165.)
 CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S10 allows remote attackers to cause a denial of service (device crash) via a malformed session attribute, aka Bug ID CSCsk40030.)
 CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsk32606.)
 CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software before 9.7(3)S11 allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug ID CSCsl39126.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: Multiple vulnerabilities in Cisco PGW Softswitch (13.05.2010)

Переполнение буфера в плеере BaoFeng Storm
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10835
Тип:локальная
Уровень опасности:
5/10
Описание:Переполнение буфера при разборе плей-листов .m3u
Затронутые продукты:BAOFENG : Storm2012 3.10
Оригинальный текстdocumentlilf, BaoFeng Storm M3U File Processing Buffer Overflow Vulnerability (13.05.2010)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
дополнено с 11 мая 2010 г.
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10817
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:CACTI : cacti 0.8
 CLANTIGER : ClanTiger 1.1
 FAMILICMS : Family Connections 2.2
 ADVANCEDPOLL : Advanced Poll 2.08
 ORANGEHRM : OrangeHRM 2.5
 CMSMADESIMPLE : CMS Made Simple 1.7
 JAWS : jaws 0.8
 ECSHOP : ECShop 2.7
 SOURCEFABRIC : Campsite 3.3
 CLANSPHERE : ClanSphere 2009.0
 DELUXEBB : DeluxeBB 1.3
 EFRONTLEARNING : Efront 3.6
 S9Y : Serendipity 1.5
 XINHA : Xinha 0.96
 REZERVI : REZERVI 3.0
CVE:CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.)
 CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute.)
 CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.)
Оригинальный текстdocumentMustLive, Vulnerability in tagcloud for Kasseler CMS (13.05.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Blocks Field Code Execution Vulnerability (CVE-2010-1283) (13.05.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Shockwave DIRAPI Multiple Code Execution Vulnerabilities (CVE-2010-1280) (13.05.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Shockwave 3D Two Remote Code Execution Vulnerabilities (CVE-2010-1284) (13.05.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Shockwave IML32 Multiple Code Execution Vulnerabilities (CVE-2010-0129) (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Font Processing Buffer Overflow (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Integer Overflow Vulnerability (13.05.2010)
 documenteidelweiss, 29o3 CMS (LibDir) Multiple Remote File Inclusion Vulnerability (11.05.2010)
 documentHigh-Tech Bridge Security Research, XSS in Saurus CMS (11.05.2010)
 documentHigh-Tech Bridge Security Research, XSS in DynamiXgate Affiliate Store Builder (11.05.2010)
 documentMustLive, Vulnerability in widget Cumulus for BlogEngine.NET (11.05.2010)
 documentMANDRIVA, [ MDVSA-2010:092 ] cacti (11.05.2010)
 documenteidelweiss, REZERVI (root) Remote Command Execution Vulnerability (11.05.2010)
 documentPHP-SECURITY, MOPS-2010-002: Campsite TinyMCE Article Attachment SQL Injection Vulnerability (11.05.2010)
 documentPHP-SECURITY, MOPS-2010-004: ClanSphere Captcha Generator Blind SQL Injection Vulnerability (11.05.2010)
 documentPHP-SECURITY, MOPS-2010-005: ClanSphere MySQL Driver Generic SQL Injection Vulnerability (11.05.2010)
 documentPHP-SECURITY, ClanTiger Shoutbox Module s_email SQL Injection vulnerability (11.05.2010)
 documentPHP-SECURITY, MOPS-2010-011: DeluxeBB newthread SQL Injection Vulnerability (11.05.2010)
 documentPHP-SECURITY, MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability (11.05.2010)
 documentPHP-SECURITY, MOPS-2010-019: Serendipity WYSIWYG Editor Plugin Configuration Injection Vulnerability (11.05.2010)
 documentPHP-SECURITY, MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability (11.05.2010)
 documentStefan Esser, Month of PHP Security - Summary - 1st May - 10th May (11.05.2010)
 documentvulns_(at)_wintercore.com, [Wintercore Research] Consona Products - Multiple vulnerabilities (11.05.2010)
 documentlis cker, Injection of ECShop apps. (11.05.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Jaws (11.05.2010)
 documentHanno Bock, pmwiki: persistent cross site scripting (XSS), CVE-2010-1481 (11.05.2010)
 documentHanno Bock, CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482 (11.05.2010)
 documentZakar Miklуs, SA00001-2010 (11.05.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in EasyPublish CMS (11.05.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in Advanced Poll (11.05.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in EasyPublish CMS (11.05.2010)
 documentBUGTRAQ, XSS vulnerability in Advanced Poll (11.05.2010)
 documentSalvatore "drosophila" Fresta, Family Connections 2.2.3 Multiple Remote Vulnerabilities (11.05.2010)
 documentmd.r00t.defacer_(at)_gmail.com, Turnkey Innovations SQL Injection Vulnerability (11.05.2010)

DoS против iSCSI в Linux
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10834
Тип:удаленная
Уровень опасности:
5/10
Описание:DoS против ietd через запрос iSNS.
Затронутые продукты:ISCSITARGET : iscsitarget 0.4
CVE:CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) 1.0.3, 0.9.5, and earlier and (2) iSCSI Enterprise Target (aka iscsitarget) 0.4.16 allow remote attackers to cause a denial of service (tgtd daemon crash) or possibly have unspecified other impact via vectors that involve the isns_attr_query and qry_rsp_handle functions, and are related to (a) client appearance and (b) client disappearance messages.)
Оригинальный текстdocumentDEBIAN, [SECURITY] [DSA 2042-1] New iscsitarget packages fix arbitrary code execution (13.05.2010)

Межсайтовый скриптинг в VMware View
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10836
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:VMWARE : VMware View 3.1
CVE:CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Оригинальный текстdocumentVMWARE, VMSA-2010-0008 VMware View 3.1.3 addresses an important cross-site scripting vulnerability (13.05.2010)

Переполнения буфера в IrfanView
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10832
Тип:клиент
Уровень опасности:
5/10
Описание:Переполнение буфера и целочисленное переполнение при разборе файлов PSD.
Затронутые продукты:IRFANVIEW : IrfanView 4.25
CVE:CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PSD image with RLE compression.)
 CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow, related to a "sign-extension error.")
Оригинальный текстdocumentSECUNIA, Secunia Research: IrfanView PSD RLE Decompression Buffer Overflow (13.05.2010)
 documentSECUNIA, Secunia Research: IrfanView PSD Image Parsing Sign-Extension Vulnerability (13.05.2010)

Межсайтовый скриптинг в HP Insight Control Server Migration
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10837
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : Insight Control server migration 6.0
CVE:CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMA02522 SSRT100086 rev.1 - HP Insight Control Server Migration for Windows, Remote Cross Site Scripting (XSS) (13.05.2010)

Межсайтовый скриптинг в HP Systems Insight Manager
Опубликовано:13 мая 2010 г.
Источник:
SecurityVulns ID:10838
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : Systems Insight Manager 5.3
 HP : Systems Insight Manager 6.0
CVE:CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 Update 1, and 6.0 allows remote attackers to obtain sensitive information and modify data via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMA02520 SSRT100071 rev.1 - HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows, Remote Unauthorized Access to Data (13.05.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород