Information Security


Buffer overflow in the Progress database server (buffer overflow)
Published: 13 July 2007
Source:
SecurityVulns ID: 7931
Type: remote
Severity: 7/10
Description: Buffer overflow in the network service on ports TCP/5520 and TCP/5530. Progress is used, in particular, in many RSA products.
Affected products: RSA : RSA ACE/Server 5.2
 RSA : RSA Authentication Manager 6.0
 RSA : RSA SecurID Appliance 2.0
 RSA : RSA Authentication Manager 6.1
CVE: CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.)
Original text: 3COM, [Full-disclosure] TPTI-07-12: Multiple Vendor Progress Server Heap Overflow Vulnerability (13.07.2007)

Race conditions in the XFS RC script (race conditions)
Published: 13 July 2007
Source:
SecurityVulns ID: 7933
Type: local
Severity: 6/10
Description: Insecure execution of chown on a temporary file allows changing the ownership of files.
CVE: CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on Red Hat Enterprise Linux (RHEL) 4 and 5 before 20070712, and Fedora Core 6, might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.)
Original text: IDEFENSE, iDefense Security Advisory 07.12.07: Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability (13.07.2007)

Daily summary of bugs in web applications (PHP, ASP, JSP, CGI, Perl)
Updated since 13 July 2007
Published: 13 July 2007
Source:
SecurityVulns ID: 7929
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: OSCOMMERCE : osCommerce 2.2
 GOOGLE : Google Custom Search Engine
 ALTAVISTA : AltaVista local engine
 ACTIVEWEB : activeWeb contentserver 5.6
 SITESCAPE : SiteScape 7.2
 YANDEX : Yandex.Server
CVE: CVE-2007-3484 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script referenced. When a user creates a custom search engine, we provide them with a block of javascript to include on their site. Some users write additional code around this block of javascript to further customize their website.")
 CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the file-creation ability of editors who have restricted accounts, which allows these editors to create files in arbitrary directories.)
 CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklist_edit.asp.)
 CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) errors/rights.asp or (2) errors/transaction.asp, or (3) the name of a MIME type (mimetype).)
 CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/picture_real_edit.asp, and probably other unspecified vectors.)
Original text: MustLive, MOSEB-07 Bonus: Vulnerabilities in Yandex.Server (15.07.2007)
 MustLive, Vulnerabilities in Yandex.Server (15.07.2007)
 MustLive, Vulnerability in AltaVista local search engine (15.07.2007)
 Marc Ruef, [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting (13.07.2007)
 Marc Ruef, [Full-disclosure] [scip_Advisory 3159] SiteScape forum prior 7.3 Cross Site Scripting (13.07.2007)
 does_not_exist_(at)_jmp-esp.kicks-ass.net, MkPortal - Multiple SQL Injection Vulnerabilities (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Editor Permission Settings Problem (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS SQL Injection Management Interface (13.07.2007)
 RedTeam Pentesting, [Full-disclosure] ActiveWeb Contentserver CMS Clientside Filtering of Page Editor Content (13.07.2007)
 Debasis Mohanty, Re: [Full-disclosure] ActiveWeb Contentserver CMS Multiple Cross Site Scriptings (13.07.2007)
 matrix_killer ma3x, osCommerce Online Merchant v2.2 RC1 local include bug (13.07.2007)
 MustLive, MOSEB-15 Bonus: Vulnerability in Google Custom Search Engine (13.07.2007)
 MustLive, MOSEB-12 Bonus: Vulnerability in AltaVista (13.07.2007)
 MustLive, Vulnerability in Google Custom Search Engine (13.07.2007)

Multiple vulnerabilities in the libarchive library (multiple bugs)
Published: 13 July 2007
Source:
SecurityVulns ID: 7934
Type: library
Severity: 5/10
Description: Memory corruption, buffer overflow, NULL pointer dereference.
Affected products: FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
 FREEBSD : FreeBSD 6.2
CVE: CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (crash) via (1) an end-of-file condition within a tar header that follows a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive, which results in a NULL pointer dereference, a different issue than CVE-2007-3644.)
 CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows user-assisted remote attackers to cause a denial of service (infinite loop) via (1) an end-of-file condition within a pax extension header or (2) a malformed pax extension header in an (a) PAX or a (b) TAR archive.)
 CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not properly compute the length of a certain buffer when processing a malformed pax extension header, which allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) PAX or (2) TAR archive that triggers a buffer overflow.)
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-07:05.libarchive (13.07.2007)

Buffer overflow in Apple QuickTime (buffer overflow)
Updated since 12 July 2007
Published: 13 July 2007
Source:
SecurityVulns ID: 7925
Type: library
Severity: 7/10
Description: Buffer overflow when parsing the SMIL format.
Affected products: APPLE : QuickTime 7.1
CVE: CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.)
Original text: CERT, US-CERT Technical Cyber Security Alert TA07-193A -- Apple Releases Security Updates for QuickTime (13.07.2007)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 07.11.07: Apple QuickTime SMIL File Processing Integer Overflow Vulnerability (12.07.2007)

Command execution via XMLDSIG (code execution)
Published: 13 July 2007
Source:
SecurityVulns ID: 7935
Type: library
Severity: 6/10
Description: Multiple vulnerabilities in XML signature validation.
Affected products: SUN : JWSDP 2.0
 SUN : Sun Java System Web Server 7.0
 SUN : Sun Java System Application Server 8.2
 SUN : Sun Java System Application Server 9.0
 ORACLE : JRE 6
 IAIK : XML Security Toolkit 1.09
 IAIK : XML Signature Library 1.2
 SUN : JSR 105
 SUN : JWSDP 1.5
Original text: brad_(at)_isecpartners.com, Command Injection in XML Digital Signatures (13.07.2007)

Multiple buffer overflows in Symantec Antivirus (buffer overflow)
Published: 13 July 2007
Source:
SecurityVulns ID: 7930
Type: remote
Severity: 7/10
Description: Buffer overflows when parsing RAR and CAB archives.
CVE: CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.)
 CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.)
Original text: 3COM, [Full-disclosure] ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability (13.07.2007)
 ZDI, [Full-disclosure] ZDI-07-039: Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability (13.07.2007)

Multiple vulnerabilities in the Perl extension Net::DNS (multiple bugs)
Updated since 13 July 2007
Published: 17 December 2007
Source:
SecurityVulns ID: 7932
Type: library
Severity: 5/10
Description: Weak generation of DNS query identifiers, DoS when parsing DNS queries.
Affected products: PERL : Net::DNS 0.59
 PERL : Net::DNS 0.60
CVE: CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.)
 CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed compressed DNS packet with self-referencing pointers, which triggers an infinite loop.)
 CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.)
Original text: SECURITEAM, [UNIX] Net::DNS Malformed Packet DoS (17.12.2007)
 MANDRIVA, [Full-disclosure] [ MDKSA-2007:146 ] - Updated perl-Net-DNS packages fix multiple vulnerabilities (13.07.2007)
Files: Exploits Net::DNS Malformed Packet DoS

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod