Information Security


Multiple security vulnerabilities in Apple Webkit / Safari
updated since August 8, 2010
Published: August 14, 2010
Source:
SecurityVulns ID: 11040
Type: library
Severity: 9/10
Description: Information leaks, cross-site access, multiple buffer overflows and memory corruptions.
Affected products: APPLE : Safari 5.0
 APPLE : Safari 4.1
CVE:CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to obtain sensitive Address Book Card information via JavaScript code that forces keystroke events for input fields.)
 CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a (1) font-face or (2) use element in an SVG document.)
 CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression.)
 CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.)
 CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue.")
 CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object.)
 CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a use element in an SVG document.)
 CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a floating element in an SVG document.)
 CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a foreignObject element in an SVG document.)
 CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, accesses uninitialized memory during processing of the (1) :first-letter and (2) :first-line pseudo-elements in an SVG text element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document.)
 CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.)
 CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.)
 CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to the rendering of an inline element.)
 CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to element focus.)
 CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.)
Original text: ZDI, ZDI-10-154: Apple Webkit Button First-Letter Style Rendering Remote Code Execution Vulnerability (14.08.2010)
 ZDI, ZDI-10-153: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability (14.08.2010)
 ZDI, ZDI-10-152: Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability (14.08.2010)
 ZDI, ZDI-10-144: Apple Webkit Rendering Counter Remote Code Execution Vulnerability (11.08.2010)
 ZDI, ZDI-10-146: Apple Webkit Anchor Tag Mouse Click Event Dispatch Remote Code Execution Vulnerability (11.08.2010)
 ZDI, ZDI-10-141: Apple Webkit SVG ForeignObject Rendering Layout Remote Code Execution Vulnerability (08.08.2010)
 ZDI, ZDI-10-142: Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability (08.08.2010)
 APPLE, About the security content of Safari 5.0.1 and Safari 4.1.1 (08.08.2010)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: August 14, 2010
Source:
SecurityVulns ID: 11070
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: SQUIRRELMAIL : squirrelmail 1.4
 MAPSERVER : mapserver 5.6
 WORDPRESS : WordPress 3.0
 SYNTAXCMS : SyntaxCMS 1.3
 HULIHAN : Onyx 0.3
 HULIHAN : Mystic 0.1
CVE:CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files.)
 CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.)
 CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files.)
 CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php.)
Original text: DEBIAN, [SECURITY] [DSA 2091-1] New squirrelmail packages fix cross-site request forgery (14.08.2010)
 High-Tech Bridge Security Research, XSRF (CSRF) in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Mystic (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Onyx (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in SyntaxCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in Edit-X CMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in i-Web Suite (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, Local File Inclusion in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in CMS Source (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 High-Tech Bridge Security Research, XSS vulnerability in eazyCMS (14.08.2010)
 david.kurz_(at)_majorsecurity.net, [MajorSecurity SA-080]WordPress 3.0.1 - Cross Site Scripting Issue (14.08.2010)
 DEBIAN, [SECURITY] [DSA 2078-1] New mapserver packages fix arbitrary code execution (14.08.2010)

Buffer overflow in the gmime library
Published: August 14, 2010
Source:
SecurityVulns ID: 11071
Type: library
Severity: 5/10
CVE:CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.)
Original text: DEBIAN, [SECURITY] [DSA 2082-1] New gmime2.2 packages fix arbitrary code execution (14.08.2010)

DoS against Quick 'n Easy WEB Server / Quick 'n Easy FTP Server
Published: August 14, 2010
Source:
SecurityVulns ID: 11072
Type: remote
Severity: 5/10
Description: Opening a large number of simultaneous connections causes a server denial of service.
Affected products: QUICKNEASY : Quick 'n Easy WEB Server 3.3
 QUICKNEASY : Quick 'n Easy FTP Server 3.2
Original text: Rodrigo Escobar, [DCA-0007] Quick 'n Easy FTP Server v3.2 (14.08.2010)
 Rodrigo Escobar, [DCA-0008] Quick 'n Easy WEB Server DoS (14.08.2010)

DoS against Baby ASP Web Server / FTP Server / POP Server
Published: August 14, 2010
Source:
SecurityVulns ID: 11073
Type: remote
Severity: 5/10
Description: Opening a large number of simultaneous connections causes a server denial of service.
Affected products: BABY : Baby FTP Server 1.24
 BABY : Baby ASP Web Server 2.7
 BABY : Baby POP Server 1.04
Original text: Rodrigo Escobar, [DCA-0006] Baby ASP Web Server DoS (14.08.2010)
 Rodrigo Escobar, [DCA-0004] Baby FTP Server DoS (14.08.2010)
 Rodrigo Escobar, [DCA-0005] Baby POP Server DoS (14.08.2010)

DoS against the libpurple library / Pidgin
Published: August 14, 2010
Source:
SecurityVulns ID: 11074
Type: library
Severity: 5/10
Description: NULL pointer dereference when parsing OSCAR (ICQ, AIM) protocol messages.
Affected products: PIDGIN : pidgin 2.7
 LIBPURPLE : libpurple 2.7
CVE:CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an X-Status message that lacks the expected end tag for a (1) desc or (2) title element.)
Original text: MANDRIVA, [ MDVSA-2010:148 ] pidgin (14.08.2010)

Multiple buffer overflows in libmikmod
updated since February 8, 2010
Published: August 14, 2010
Source:
SecurityVulns ID: 10594
Type: library
Severity: 5/10
Description: Buffer overflows when parsing the Impulse Tracker and Ultratracker formats.
Affected products: MIKMOD : libmikmod 3.1
CVE:CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3995.)
 CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.)
 CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.)
Original text: DEBIAN, [SECURITY] [DSA 2081-1] New libmikmod packages fix arbitrary code execution (14.08.2010)
 SECUNIA, Secunia Research: libmikmod Module Parsing Vulnerabilities (08.02.2010)

Directory traversal in the TurboFTP FTP server
updated since June 20, 2010
Published: August 14, 2010
Source:
SecurityVulns ID: 10944
Type: remote
Severity: 5/10
Description: Directory traversal via the mkdir and move commands.
Affected products: TURBOSOFT : TurboFTP Server 1.20
Original text: High-Tech Bridge Security Research, Directory Traversal Vulnerability in TurboFTP Server (14.08.2010)
 leinakesi_(at)_gmail.com, TurboFTP Server Directory Traversal Vulnerability (20.06.2010)

Multiple security vulnerabilities in the KVIrc IRC client
updated since June 29, 2010
Published: August 14, 2010
Source:
SecurityVulns ID: 10961
Type: remote
Severity: 5/10
Description: Format string error, directory traversal.
Affected products: KVIRC : kvirc 4.0
CVE:CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.)
 CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors.)
 CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors.)
Original text: DEBIAN, [SECURITY] [DSA 2078-1] New kvirc packages fix arbitrary IRC command execution (14.08.2010)
 DEBIAN, [SECURITY] [DSA 2065-1] New kvirc packages fix several vulnerabilities (29.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod