Информационная безопасность
[RU] switch to English


Переполнение буфера в Symantec Norton Personal Firewall / Norton Internet Security (buffer overflow)
дополнено с 18 сентября 2006 г.
Опубликовано:15 марта 2007 г.
Источник:
SecurityVulns ID:6623
Тип:локальная
Уровень опасности:
5/10
Описание:Переполнение буфера в интерфейсе драйвера \Device\SymEvent.
Затронутые продукты:SYMANTEC : Norton Personal Firewall 2006
 SYMANTEC : Norton Internet Security 2006
CVE:CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.)
 CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, and possibly Norton Internet Security 2006 and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.)
 CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.)
Оригинальный текстdocumentMatousec - Transparent security Research, [Full-disclosure] Norton Insufficient validation of 'SymTDI' driver input buffer (15.03.2007)
 documentMatousec - Transparent security Research, SymEvent Driver Local Access System Denial of Service (14.03.2007)
 documentDavid Matousek, Symantec Norton Insufficient validation of 'SymEvent' driver input buffer (18.09.2006)

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:15 марта 2007 г.
Источник:
SecurityVulns ID:7409
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:WOLTLAB : Woltlab Burning Board 2.7
 HORDE : Horde 3.1
 IMP : IMP 4.1
 ORIONBLOG : Orion-Blog 2.0
 WEBCREATOR : WebCreator 0.2
 CARE2X : CARE2X 1.1
CVE:CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitrary web script or HTML via the new_lang parameter to login.php.)
 CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp.)
 CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, and unspecified other files.)
 CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) inc_checkdate_lang.php, (2) inc_charset_fx.php, (3) inc_config_color.php, (4) inc_currency_set.php, (5) inc_db_makelink.php, (6) inc_diagnostics_report_fx.php, (7) inc_environment_global.php, (8) inc_front_chain_lang.php, (9) inc_init_crypt.php, (10) inc_load_copyrite.php, or (11) inc_news_save.php in include/; (12) diagnostics-report-index.php, (13) config_options_mascot.php, (14) barcode-labels.php, (15) chg-color.php, or (16) config_options_gui_template.php in main/; or unspecified other files.)
Оригинальный текстdocumentMoritz Naumann, [Full-disclosure] Horde 3.1.4 (RC1) fixes XSS issue (15.03.2007)
 documentMoritz Naumann, [Full-disclosure] Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues (15.03.2007)
 documenterdc_(at)_echo.or.id, [ECHO_ADV_72$2007] CARE2X (root_path) Remote File Inclusion Vulnerability (15.03.2007)
 documenterdc_(at)_echo.or.id, [ECHO_ADV_74$2007] WebCreator <= 0.2.6-rc3 (moddir) Remote File Inclusion Vulnerability (15.03.2007)
 documentx666_(at)_Safe-mail.net, Woltab Burning Board SQL Injection usergroups.php (15.03.2007)
Файлы:Orion-Blog v2.0 Version Remote Privilege Escalation Exploit
 Woltlab Burning Board 2.X usergroups.php SQL Injection exploit

Подмена содержимого страницы в Microsoft Internet Explorer (page spoofing)
Опубликовано:15 марта 2007 г.
Источник:
SecurityVulns ID:7410
Тип:клиент
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг в ресурсе res://ieframe.dll/navcancl.htm#http://www.site.com позволяет вставить текст в страницу.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability.")
Оригинальный текстdocumentAviv Raff, Phishing using IE7 local resource vulnerability (15.03.2007)

Целочисленное переполнение в функции Windows Multimedia mmioRead() (integer overflow)
Опубликовано:15 марта 2007 г.
Источник:
SecurityVulns ID:7411
Тип:библиотека
Уровень опасности:
5/10
Описание:Целочисленное переполнение при отрицальтельных значениях параметры.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote attackers to cause a denial of service (infinite loop) via a large cch argument value to the mmioRead function, as demonstrated by a crafted WAV file.)
Оригинальный текстdocumentSECURITEAM, [NT] Windows Multimedia mmioRead DoS Vulnerability (15.03.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород