Information security


Protection bypass in Perl
Published: June 14, 2010
Source:
SecurityVulns ID: 10923
Type: local
Threat level: 5/10
Description: Protection bypass in Safe.pm
Affected products: PERL : perl 5.10
CVE:CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for Perl, as used in PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, 8.2 before 8.2.17, 8.3 before 8.3.11, 8.4 before 8.4.4, and 9.0 Beta before 9.0 Beta 2, allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving subroutine references and delayed execution.)
 CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods.")
Original text: MANDRIVA, [ MDVSA-2010:115 ] perl (14.06.2010)

DoS against the Cherokee Web server
updated since November 5, 2009
Published: June 14, 2010
Source:
SecurityVulns ID: 10376
Type: remote
Threat level: 5/10
Description: Denial of service on access to a special device name.
Original text: info_(at)_securitylab.ir, Cherokee Web Server 0.5.3 Multiple Vulnerabilities (14.06.2010)
 daniel.crowley_(at)_coresecurity.com, Re: Cherokee Web Server 0.5.4 Denial Of Service (05.11.2009)

Code execution in Microsoft Internet Explorer
Published: June 14, 2010
Source:
SecurityVulns ID: 10924
Type: client
Threat level: 8/10
Description: Code execution is possible via the hcp:// handler
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original text: Tavis Ormandy, Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly (14.06.2010)

Buffer overflow in pcsc-lite
Published: June 14, 2010
Source:
SecurityVulns ID: 10927
Type: local
Threat level: 5/10
Description: Buffer overflow in PCSCD
Affected products: PCSCLITE : pcsc-lite 1,4
CVE:CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 allow local users to gain privileges via crafted message data, which is improperly demarshalled.)
Original text: DEBIAN, [SECURITY] [DSA 2059-1] New pcsc-lite packages fix privilege escalation (14.06.2010)

Privilege escalation via win32k in Microsoft Windows
updated since June 8, 2010
Published: June 14, 2010
Source:
SecurityVulns ID: 10909
Type: local
Threat level: 6/10
Description: Multiple memory corruptions.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability.")
 CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability.")
 CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Windows Kernel "GetDCEx()" Memory Corruption Vulnerability (CVE-2010-0484) (14.06.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-032 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559) (08.06.2010)
Files: Microsoft Security Bulletin MS10-032 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (979559)

Multiple security vulnerabilities in Microsoft Office
updated since June 9, 2010
Published: June 14, 2010
Source:
SecurityVulns ID: 10913
Type: client
Threat level: 7/10
Description: Code execution via embedded COM objects, multiple memory corruptions in Excel.
Affected products: MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
CVE:CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Microsoft Office XP SP3; Office 2003 SP3; and Office System 2007 SP1 and SP2 do not properly validate COM objects during instantiation, which allows remote attackers to execute arbitrary code via a crafted file, aka "COM Validation Vulnerability.")
 CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac sets insecure ACLs for the /Applications folder, which allows local users to execute arbitrary code by replacing the executable with a Trojan Horse, aka "Mac Office Open XML Permissions Vulnerability.")
 CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with crafted DBQueryExt records that allow a function call to a "user-controlled pointer," aka "Excel ADO Object Vulnerability.")
 CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability.")
 CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability.")
 CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability.")
 CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.)
 CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability.")
 CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.)
 CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability.")
 CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.)
 CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.)
 CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-1247 and CVE-2010-1249.)
 CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability.")
 CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2; Office 2004 for mac; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; allows remote attackers to execute arbitrary code via an Excel file with a crafted SxView record, related to improper validation of unspecified structures, aka "Excel Record Parsing Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-1245.)
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel ExternName Buffer Overflow Vulnerability (CVE-2010-1249) (14.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel HFPicture Buffer Overflow Vulnerability (CVE-2010-1248) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel WOPT Heap Corruption Vulnerability (CVE-2010-0824) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel RTD Stack Overflow Vulnerability (CVE-2010-1246) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel SxView Memory Corruption Vulnerability (CVE-2010-1245) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel EDG Heap Overflow Vulnerability (CVE-2010-1250) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel RTD Heap Corruption Vulnerability (CVE-2010-1247) (09.06.2010)
 VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel OBJ Stack Overflow Vulnerability (CVE-2010-0822) (09.06.2010)
 ZDI, ZDI-10-104: Microsoft Office Excel SxView Record Parsing Remote Code Execution Vulnerability (09.06.2010)
 ZDI, ZDI-10-103: Microsoft Office Excel DBQueryExt Record Unspecified ADO Object Remote Code Execution Vulnerability (09.06.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452) (09.06.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-036 - Important Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235) (09.06.2010)
Files: Microsoft Security Bulletin MS10-036 - Important Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution (983235)
 Microsoft Security Bulletin MS10-038 - Important Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (2027452)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: June 14, 2010
Source:
SecurityVulns ID: 10922
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: Plume : Plume CMS 1.2
 MODX : MODx CMS 1.0
 ANECMS : AneCMS 1.3
 BLUEARC : IgnitionSuite 3.0
Original text: Inj3ct0r.com, Infinity 0-day Denial of Service (14.06.2010)
 Inj3ct0r.com, ClipBucket AdminPanel edit site Vulnerability (14.06.2010)
 Patrick Webster, Paessler - PRTG Traffic Grapher XSS (14.06.2010)
 Patrick Webster, Blue Arc Group - IgnitionSuite CMS WebDMailer unsubscribe issue (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [CORE-2010-0415] SQL Injection in CubeCart PHP Free & Commercial Shopping Cart Application (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-070]Plume CMS - change Admin Password via Cross-site Request Forgery (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-069]Invision Power Board - stored Cross site Scripting (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-068]Anantasoft Gazelle CMS - change admin password via Cross-site Request Forgery (14.06.2010)
 x0.root_(at)_gmail.com, Awcm Cms Local File Inclusion Vulnerability (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-071]phpFaber CMS - Multiple stored Cross-site Scripting issues (14.06.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in MODx CMS and Application Framework (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in AneCMS (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in MODx CMS and Application Framework (14.06.2010)
 High-Tech Bridge Security Research, Stored XSS vulnerability in AneCMS blog module (14.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in MODx CMS (14.06.2010)

Encryption problems in Sourcefire products
Published: June 14, 2010
Source:
SecurityVulns ID: 10926
Type: m-i-t-m
Threat level: 6/10
Description: All devices use the same private key.
Affected products: SOURCEFIRE : Sourcefire Defense Center 1000
 SOURCEFIRE : Sourcefire 3D Sensor 1000
 SOURCEFIRE : Sourcefire 3D Sensor 2000
 SOURCEFIRE : Sourcefire 3D Sensor 9900
Original text: ZDI, ZDI-10-107: Multiple Sourcefire Products Static Web SSL Keys Vulnerability (14.06.2010)

Information leak via mod_proxy_http in Apache
updated since June 14, 2010
Published: August 19, 2010
Source:
SecurityVulns ID: 10925
Type: remote
Threat level: 4/10
Description: Under certain conditions a server response may be sent to a different client.
Affected products: APACHE : Apache 2.2
CVE:CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.)
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.)
Original text: MANDRIVA, [ MDVSA-2010:153 ] apache (19.08.2010)
 APACHE, [advisory] httpd Timeout detection flaw (mod_proxy_http) CVE-2010-2068 (14.06.2010)

Multiple security vulnerabilities in the Wireshark sniffer
updated since June 14, 2010
Published: September 14, 2010
Source:
SecurityVulns ID: 10928
Type: remote
Threat level: 5/10
Description: Multiple DoS conditions, buffer overflow.
Affected products: WIRESHARK : Wireshark 1.2
 WIRESHARK : Wireshark 1.4
CVE:CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and an off-by-one error, which triggers a buffer overflow, different vulnerabilities than CVE-2010-2287.)
 CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.14 and 1.2.0 through 1.2.9 has unknown impact and remote attack vectors. NOTE: this issue exists because of a CVE-2010-2284 regression.)
 CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.8 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in Wireshark 0.10.7 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.)
 CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
 CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 through 1.0.13 and 1.2.0 through 1.2.8 has unknown impact and remote attack vectors.)
 CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 through 1.2.8 allows remote attackers to cause a denial of service (NULL pointer dereference) via unknown vectors.)
Original text: yangdn_(at)_nipc.org.cn, Wireshark 1.4.0 Malformed SNMP V1 Packet Denial of Service (14.09.2010)
 DEBIAN, [SECURITY] [DSA 2101-1] New wireshark packages fix several vulnerabilities (02.09.2010)
 MANDRIVA, [ MDVSA-2010:113 ] wireshark (14.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod