Information Security

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 13, 2011
Source:
SecurityVulns ID: 11900
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information disclosure, etc.
Affected products: JBOSS : JBoss 3.2
 JBOSS : JBoss 4.0
 MANTIS : Mantis 1.1
 VMWARE : Spring Security 3.0
 VMWARE : Spring Security 2.0
 HBCUMULUS : HB-Cumulus for Habari 1.4
 EZ : EZcumulus 1.0
 EXPRESSION : Simple Tags for Expression Engine 1.6
 SERENDIPITY : Freetag 3.28
 PHPFUSION : Animated tag cloud for PHP-Fusion 1.4
 MAGNETO : 3D Advanced Tags Clouds 2.0
 JBOSS : JBoss 5.0
 PAPOO : CMS Papoo Light 4.0
 BCFG2 : bcfg2 1.1
CVE: CVE-2011-3358 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.)
 CVE-2011-3357 (Directory traversal vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter, related to bug_actiongroup_page.php.)
 CVE-2011-3211 (The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.)
 CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through 3.0.5 and 2.0.0 through 2.0.6, and possibly other versions deserialize objects from untrusted sources, which allows remote attackers to bypass intended security restrictions and execute untrusted code by (1) serializing a java.lang.Proxy instance and using InvocationHandler, or (2) accessing internal AOP interfaces, as demonstrated using deserialization of a DefaultListableBeanFactory instance to execute arbitrary commands via the java.lang.Runtime class.)
 CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the spring-security-redirect parameter.)
 CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows attackers to gain privileges via a crafted thread.)
 CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via a (1) name attribute in a (a) spring:hasBindErrors tag; (2) path attribute in a (b) spring:bind or (c) spring:nestedpath tag; (3) arguments, (4) code, (5) text, (6) var, (7) scope, or (8) message attribute in a (d) spring:message or (e) spring:theme tag; or (9) var, (10) scope, or (11) value attribute in a (f) spring:transform tag, aka "Expression Language Injection.")
Original text: DEBIAN, [SECURITY] [DSA 2302-1] bcfg2 security update (13.09.2011)
 VMWARE, CVE-2011-2730: Spring Framework Information Disclosure (13.09.2011)
 VMWARE, CVE-2011-2732: Spring Security header injection vulnerability (13.09.2011)
 VMWARE, CVE-2011-2894: Spring Framework and Spring Security serialization-based remoting vulnerabilities (13.09.2011)
 VMWARE, CVE-2011-2731: Spring Security privilege escalation when using RunAsManager (13.09.2011)
 sschurtz_(at)_t-online.de, Multiple XSS vulnerabilities in CMS Papoo Light Version (13.09.2011)
 DEBIAN, [SECURITY] [DSA 2308-1] mantis security update (13.09.2011)
 MustLive, Vulnerabilities in JBoss Application Server (13.09.2011)
 MustLive, Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron (13.09.2011)

DoS against the Quassel IRC client
Published: September 13, 2011
Source:
SecurityVulns ID: 11901
Type: remote
Severity: 5/10
Description: Denial of service when parsing a CTCP request.
Affected products: QUASSEL : quassel 0.6
Original text: UBUNTU, [USN-1200-1] Quassel vulnerability (13.09.2011)

Privilege escalation in EMC Avamar
Published: September 13, 2011
Source:
SecurityVulns ID: 11902
Type: local
Severity: 4/10
Description: An administrator of one domain may have access to the data of another domain.
Affected products: EMC : Avamar 5.0
 EMC : Avamar 6.0
CVE: CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote authenticated users to modify client data or obtain sensitive information about product activities by leveraging privileged access to a different domain.)
Original text: EMC, ESA-2011-018: Domain administration privilege enforcement bypass in EMC Avamar (13.09.2011)

Buffer overflow in squid
Published: September 13, 2011
Source:
SecurityVulns ID: 11903
Type: remote
Severity: 6/10
Description: Buffer overflow when parsing gopher responses.
Affected products: SQUID : squid 3.0
 SQUID : squid 3.1
 SQUID : squid 3.2
CVE: CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the Gopher reply parser in Squid 3.0 before 3.0.STABLE26, 3.1 before 3.1.15, and 3.2 before 3.2.0.11 allows remote Gopher servers to cause a denial of service (memory corruption and daemon restart) or possibly have unspecified other impact via a long line in a response. NOTE: This issue exists because of a CVE-2005-0094 regression.)
Original text: DEBIAN, [SECURITY] [DSA 2304-1] squid3 security update (13.09.2011)

Multiple vulnerabilities in Google Chrome
Published: September 13, 2011
Source:
SecurityVulns ID: 11904
Type: client
Severity: 6/10
Description: DoS, information disclosure, memory corruption.
Affected products: GOOGLE : Chrome 13.0
CVE: CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to display box rendering.)
 CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to obtain potentially sensitive information about client-side redirect targets via a crafted web site.)
 CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer.")
Original text: DEBIAN, [SECURITY] [DSA 2307-1] chromium-browser security update (13.09.2011)

Security vulnerabilities in the Linux kernel
Published: September 13, 2011
Source:
SecurityVulns ID: 11905
Type: remote
Severity: 7/10
Description: Predictable TCP sequence numbers, memory corruption in the CIFS client.
Affected products: LINUX : kernel 2.6
CVE: CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in fs/cifs/cifssmb.c in the Linux kernel before 3.1 allows remote CIFS servers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a large length value in a response to a read request for a directory.)
 CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before 3.1 use a modified MD4 algorithm to generate sequence numbers and Fragment Identification values, which makes it easier for remote attackers to cause a denial of service (disrupted networking) or hijack network sessions by predicting these values and sending crafted packets.)
Original text: DEBIAN, [SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression (13.09.2011)

Buffer overflow in rsyslog
Published: September 13, 2011
Source:
SecurityVulns ID: 11906
Type: remote
Severity: 5/10
Description: Buffer overflow on a long TAG parameter in syslog.
Affected products: RSYSLOG : rsyslog 4.6
CVE: CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in tools/syslogd.c in rsyslogd in rsyslog 4.6.x before 4.6.8 and 5.2.0 through 5.8.4 might allow remote attackers to cause a denial of service (application exit) via a long TAG in a legacy syslog message.)
Original text: MANDRIVA, [ MDVSA-2011:134 ] rsyslog (13.09.2011)

Protection bypass in Cisco Nexus switches
updated since September 13, 2011
Published: October 31, 2011
Source:
SecurityVulns ID: 11907
Type: remote
Severity: 6/10
Description: ACL restrictions can be bypassed. Code execution is possible.
Affected products: CISCO : Cisco MDS 9000
 CISCO : Cisco Nexus 5000
 CISCO : Cisco Nexus 7000
 CISCO : Cisco Nexus 3000
 CISCO : Cisco Nexus 2000
 CISCO : Cisco Nexus 4000
CVE: CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.)
 CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188.)
Original text: CISCO, RE: [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. (31.10.2011)
 0x9950_(at)_gmail.com, [CVE-2011-2569] Cisco Nexus OS (NX-OS) - Command "injection" / sanitization issues. (26.10.2011)
 CISCO, Cisco Security Advisory: Cisco Nexus 5000 and 3000 Series Switches Access Control List Bypass Vulnerability (13.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod