Information Security


Privilege escalation in multiple Kaspersky Lab products
Published: December 16, 2009
Source:
SecurityVulns ID: 10475
Type: local
Threat level: 6/10
Description: The BASES folder contains executable files and has weak permissions.
Affected products: KASPERSKY : Kaspersky Internet Security 7.0
 KASPERSKY : Kaspersky Internet Security 2009
 KASPERSKY : Kaspersky Anti-Virus 2010
 KASPERSKY : Kaspersky Internet Security 2010
 KASPERSKY : Kaspersky Anti-Virus 2009
 KASPERSKY : Kaspersky Anti-Virus 7.0
 KASPERSKY : Kaspersky Anti-Virus 6.0
Original text: ShineShadow, Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability (16.12.2009)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: December 16, 2009
Source:
SecurityVulns ID: 10477
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: CACTI : cacti 0.8
 FAMILICMS : Family Connections 2.1
 WORDPRESS : WP-Forum 2.3
CVE:CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.)
 CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, related to wpf.class.php; (3) the topic parameter in a viewforum action to the default URI, related to the remove_topic function in wpf.class.php; or the id parameter in a (4) editpost or (5) viewtopic action to the default URI, related to wpf-post.php.)
Original text: DEBIAN, [SECURITY] [DSA 1954-1] New cacti packages fix insufficient input sanitising (16.12.2009)
 ISecAuditors Security Advisories, [ISecAuditors Security Advisories] WP-Forum <= 2.3 SQL Injection vulnerabilities (16.12.2009)
 Salvatore "drosophila" Fresta, Family Connections <= 2.1.3 Multiple Remote Vulnerabilities (16.12.2009)

Privilege escalation in VideoCache for squid
Published: December 16, 2009
Source:
SecurityVulns ID: 10476
Type: local
Threat level: 4/10
Description: Privilege escalation to the root user is possible when root runs the vccleaner utility.
Affected products: VIDEOCACHE : VideoCache 1.9
Original text: Dominick LaTrappe, VideoCache 1.9.2 vccleaner root vulnerability (16.12.2009)

Information leak in Easy File Sharing Web Server
Published: December 16, 2009
Source:
SecurityVulns ID: 10478
Type: remote
Threat level: 5/10
Description: The files.sdb file is openly accessible.
Affected products: SHARINGFILE : Easy File Sharing Web Server 5.0
Original text: thor_(at)_hammerofgod.com, File Access Vulnerability in Easy File Sharing Web Server (16.12.2009)

Weak permissions in Quick Heal antivirus products
updated since October 13, 2009
Published: December 16, 2009
Source:
SecurityVulns ID: 10308
Type: local
Threat level: 5/10
Description: Weak permissions on the installation folder.
Affected products: QUICKHEAL : Quick Heal Antivirus 2009
 QUICKHEAL : Quick Heal Total Security 2009
 QUICKHEAL : Quick Heal Antivirus 2010
 QUICKHEAL : Quick Heal Total Security 2010
Original text: Protek Research Lab, {PRL} QuickHeal antivirus 2010 Local Privilege Escalation (16.12.2009)
 ShineShadow, Quick Heal Local Privilege Escalation Vulnerability (13.10.2009)

Multiple security vulnerabilities in Cisco WebEx Recording Format Player
updated since December 16, 2009
Published: February 2, 2011
Source:
SecurityVulns ID: 10474
Type: client
Threat level: 5/10
Description: Multiple vulnerabilities when playing .wrf / .arf files.
Affected products: CISCO : Cisco WebEx Recording Format Player 27.10
 CISCO : Cisco WebEx Recording Format Player 27.21
CVE:CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted .atp file and then disconnecting from a meeting. NOTE: since this is a site-specific issue with no expected action for consumers, it might be REJECTed.)
 CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to use of a function pointer in a callback mechanism.)
 CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.)
 CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.)
 CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.)
 CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.)
 CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.)
 CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878.)
 CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879.)
 CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file.)
 CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2878 and CVE-2009-2879.)
 CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 for Windows, 27.x before 27.10.x for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WebEx Recording Format (WRF) file.)
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-1001] Cisco WebEx .atp and .wrf Overflow Vulnerabilities (02.02.2011)
 CISCO, Cisco Security Advisory: Multiple Cisco WebEx Player Vulnerabilities (02.02.2011)
 ZDI, ZDI-10-155: Cisco WebEx Player ARF String Parsing Remote Code Execution Vulnerability (25.08.2010)
 CISCO, Cisco Security Advisory: Multiple Cisco WebEx WRF Player Vulnerabilities (16.12.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod