Information Security


Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since April 12, 2009
Published: April 14, 2009
Source:
SecurityVulns ID: 9819
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: IMP : IMP 4.1
 PHPREVISTA : Revista 1.1
 VBULLETIN : vBulletin 3.7
 ABKSOFT : AbleSpace 1.0
 PHPAGENDA : PHP-agenda 2.2
 LOGGIX : Loggix Project 9.4
 DF2 : Dynamic Flash Forum 1.0
 VBULLETIN : vbAnonymizer 3.0
CVE:CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.)
 CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde Turba Contact Manager H3 2.2.1 and other versions before 2.3.1, and possibly other Horde Project products, allows remote attackers to inject arbitrary web script or HTML via the User field in an IMAP session.)
Original text: DSecRG, [DSECRG-09-037] abk-soft AbleSpace CMS 1.0 - Multiple security vulnerabilities (14.04.2009)
 MustLive, Vulnerability in vbAnonymizer for vBulletin (14.04.2009)
 marianiscc_(at)_hotmail.com, Re: PHP-Revista Multiple vulnerabilities (14.04.2009)
 DEBIAN, [SECURITY] [DSA 1770-1] New imp4 packages fix cross-site scripting (13.04.2009)
 MustLive, Re: Vulnerabilities in vBulletin (13.04.2009)
 Salvatore "drosophila" Fresta, Dynamic Flash Forum 1.0 Beta Multiple Remote Vulnerabilities (12.04.2009)
 Salvatore "drosophila" Fresta, Loggix Project 9.4.5 Blind SQL Injection (12.04.2009)
 Salvatore "drosophila" Fresta, PHP-agenda <= 2.2.5 Remote File Overwriting (12.04.2009)
 MustLive, Vulnerabilities in vBulletin (12.04.2009)

Directory traversal in the Mongoose Web server
Published: April 14, 2009
Source:
SecurityVulns ID: 9832
Type: remote
Severity: 5/10
Affected products: MONGOOSE : MonGoose 2.4
Original text: ew1zz_(at)_hotmail.com, MonGoose 2.4 Directory Traversal Vulnerability (14.04.2009)

Buffer overflow in the ntp client
Published: April 14, 2009
Source:
SecurityVulns ID: 9833
Type: client
Severity: 5/10
Description: Buffer overflow when parsing an NTP server response.
Affected products: NTP : ntp 4.2
CVE:CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.)
Original text: MANDRIVA, [ MDVSA-2009:092 ] ntp (14.04.2009)

Memory corruption in Microsoft DirectShow
Published: April 14, 2009
Source:
SecurityVulns ID: 9836
Type: library
Severity: 7/10
Description: Memory corruption when playing Motion JPEG files.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-011 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373) (14.04.2009)
Files: Microsoft Security Bulletin MS09-011 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

Multiple privilege escalations in Microsoft Windows
Published: April 14, 2009
Source:
SecurityVulns ID: 9837
Type: local
Severity: 6/10
Description: Privilege escalations via the MSDTC, WMI, RPCSS and Windows Thread Pool services.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability.")
 CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability.")
 CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability.")
 CVE-2008-1436
Original text: MICROSOFT, Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) (14.04.2009)
Files: Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)

Multiple security vulnerabilities in the Microsoft Windows WinHTTP service
Published: April 14, 2009
Source:
SecurityVulns ID: 9838
Type: client
Severity: 6/10
Description: Integer overflow, certificate validation bypass, NTLM relaying.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability.")
 CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability.")
 CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability.")
Original text: MICROSOFT, Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803) (14.04.2009)
Files: Microsoft Security Bulletin MS09-013 - Critical Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution (960803)

Multiple memory corruptions in Microsoft Excel
updated since April 14, 2009
Published: April 16, 2009
Source:
SecurityVulns ID: 9834
Type: client
Severity: 6/10
Description: Memory corruption when parsing spreadsheet files.
Affected products: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.)
 CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability.")
Original text: noreply-secresearch_(at)_fortinet.com, Microsoft Office Excel Remote Memory Corruption Vulnerability (16.04.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-009 - Critical Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557) (14.04.2009)
Files: Microsoft Security Bulletin MS09-009 - Critical Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)

Multiple vulnerabilities in Microsoft Wordpad / Microsoft Works
updated since April 14, 2009
Published: June 10, 2009
Source:
SecurityVulns ID: 9835
Type: client
Severity: 6/10
Description: Buffer overflows and memory corruptions when converting from various formats.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability.")
 CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability.")
 CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability.")
 CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.)
Original text: MICROSOFT, Microsoft Security Bulletin MS09-024 - Critical Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632) (10.06.2009)
 IDEFENSE, iDefense Security Advisory 04.15.09: Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability (16.04.2009)
 IDEFENSE, iDefense Security Advisory 04.14.09: Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability (14.04.2009)
 MICROSOFT, Microsoft Security Bulletin MS09-010 - Critical Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477) (14.04.2009)
Files: Microsoft Security Bulletin MS09-010 - Critical Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution (960477)
 Microsoft Security Bulletin MS09-024 - Critical Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod