Information Security


Daily summary of Web application bugs (PHP, ASP, JSP, CGI, Perl)
updated since April 17, 2007
Published: April 17, 2007
Source:
SecurityVulns ID: 7593
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: WABBIT : Wabbit PHP Gallery 0.9
 PHPNUKE : PHP-Nuke 8.0
 WEBMETHODS : Glue 6.5
 JAMBOOK : Jambook 1.0
 ACTIONPOLL : Actionpoll 1.1
 MYBLOG : MyBlog 0.9
 IVANGALLERY : Ivan Gallery 0.1
 MYLITTLEHOMEPAGE : my little forum 1.7
 MYLITTLEHOMEPAGE : my little weblog
CVE:CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in MyBlog 0.9.8 and earlier allows remote authenticated admin users to inject arbitrary PHP code via the content parameter, which can be executed by accessing index.php. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.)
 CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication requirements via the admin cookie parameter to certain admin files, as demonstrated by admin/settings.php.)
 CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the gallery parameter in a new session.)
 CVE-2007-2072 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Ivan Gallery Script 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the dir parameter. NOTE: this issue has been disputed by third party researchers for 0.3, stating that the dir variable is properly initialized before use.)
 CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert Ladstaetter ActionPoll 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG_DATAREADERWRITER parameter, a different vector than CVE-2001-1297. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert Ladstaetter ActionPoll 1.1.0, and possibly 1.1.1, allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_POLLDB parameter to actionpoll.php or (2) the CONFIG_DB parameter to db/DataReaderWriter.php, different vectors than CVE-2001-1297.)
 CVE-2007-2048 (Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.)
 CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original text: Jeremy Epstein, webMethods Security Advisory: Glue console directory traversal vulnerability (17.04.2007)
 pdp (architect), [Full-disclosure] Persistent CSRF and The Hotlink Hell (17.04.2007)
 programmer_(at)_serbiansite.com, PHP Nuke <= 8.0.0.3.3b SQL Injections and Bypass SQL Injection Protection vulnerabilities (17.04.2007)
 RaeD Hasadya, Remot File Include In Script phphd_downloads (17.04.2007)
 RaeD Hasadya, Remot File Include download_engine_V1.4.3 (17.04.2007)
 the_3dit0r_(at)_yahoo.com, Wabbit PHP Gallery v0.9 Cross Site Scripting (17.04.2007)
 the_3dit0r_(at)_yahoo.com, my little weblog Cross Site Scripting (17.04.2007)
 the_3dit0r_(at)_yahoo.com, my little forum 1.7 Remote File Include Vulnerabilitiy (17.04.2007)
 seko_(at)_se-ko.info, Persistent CSRF and The Hotlink Hell (17.04.2007)
 seko_(at)_se-ko.info, ActionPoll Script (actionpoll.php) Remote File Include // starhack.org (17.04.2007)
 Aesthetico, [MajorSecurity Advisory #45]oe2edit CMS - Cross Site Scripting and Cookie Manipulation Issue (17.04.2007)
 jd2k2000_(at)_hotmail.com, Joomla/Mambo Jambook v1.0 beta7 Rfi Vuln. (17.04.2007)
 jd2k2000_(at)_hotmail.com, LS simple guestbook - arbitrary code execution (17.04.2007)
Files: MyBlog <= 0.9.8 Remote Command Execution Exploit
 Ivan Gallery Script V.0.1 (index.php) Remote File Include Exploit

DoS against Vixie cron in Gentoo Linux
Published: April 17, 2007
Source:
SecurityVulns ID: 7595
Type: local
Threat level: 5/10
Description: Weak file permissions allow a denial-of-service attack on job execution.
Affected products: VIXIE : cron 4.1
CVE:CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.)
Original text: GENTOO, [ GLSA 200704-11 ] Vixie Cron: Denial of Service (17.04.2007)

Buffer overflow in 3proxy
Published: April 17, 2007
Source:
SecurityVulns ID: 7596
Type: remote
Threat level: 6/10
Description: Buffer overflow when parsing a transparent HTTP request.
Affected products: 3PROXY : 3proxy 0.5
 3PROXY : 3proxy 0.6
CVE:CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.)
Files: 3proxy[v0.5.3g]: (win32 service) remote buffer overflow exploit
 3proxy[v0.5.3g]: (linux) remote buffer overflow exploit

Buffer overflow in Akamai Download Manager ActiveX
Published: April 17, 2007
Source:
SecurityVulns ID: 7592
Type: client
Threat level: 5/10
Description: Buffer overflow in the MANAGER.DLMCtrl.1 control.
Affected products: AKAMAI : Akamai Download Manager 2.2
CVE:CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891.)
 CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.)
Original text: AKAMAI, Akamai Technologies Security Advisory 2007-0001 (17.04.2007)
 IDEFENSE, iDefense Security Advisory 04.16.07: Akamai Download Manager ActiveX Stack Buffer Overflow Vulnerability (17.04.2007)

Birthday attacks against DNS
updated since April 25, 2003
Published: April 17, 2007
Source:
SecurityVulns ID: 2773
Type: remote
Threat level: 6/10
Description: DNS uses a two-byte query identifier to prevent spoofing. Responses with incorrect identifiers are ignored. The problem is that if several identical queries arrive, all of them are sent out with different identifiers but from the same UDP port. This significantly increases the probability of a successful spoofing attack (the birthday effect: among 60 random people, the probability that two of them share a birthday is over 95%).
CVE:CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.)
 CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.)
 CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.)
Original text: Makoto Shiotsuki, Windows DNS Cache Poisoning by Forwarder DNS Spoofing (17.04.2007)
 Ramon Izaguirre, An Implementation of a Birthday Attack in a DNS Spoofing (25.04.2003)
Files: Implementation of DNS birthday attack

Buffer overflow in Netsprint Toolbar ActiveX
updated since April 17, 2007
Published: April 20, 2007
Source:
SecurityVulns ID: 7594
Type: client
Threat level: 5/10
Description: Buffer overflow in the isChecked() interface.
Affected products: NETSPRINT : Netsprint Toolbar 1.1
Original text: Michal Bucko, Multiple Ask IE Toolbar denial of service vulnerabilities (20.04.2007)
 Michal Bucko, Netsprint Toolbar 1.1 arbitrary remote code vulnerability (17.04.2007)
Files: NetSprint Toolbar ActiveX toolbar.dll DOS POC

Multiple vulnerabilities in ZoneAlarm
updated since April 17, 2007
Published: May 2, 2007
Source:
SecurityVulns ID: 7597
Type: local
Threat level: 5/10
Description: Insufficient validation of the arguments of hooked functions provides numerous opportunities for privilege escalation.
Affected products: ZONELABS : ZoneAlarm Pro 6.5
CVE:CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions and other products, allows local users to cause a denial of service (system crash) by sending malformed data to the vsdatant device driver, which causes an invalid memory access.)
 CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (system crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateKey and (2) NtDeleteFile functions.)
Original text: Matousec - Transparent security Research, ZoneAlarm Insufficient validation of 'vsdatant' driver input buffer Vulnerability (02.05.2007)
 Reversemode, [Reversemode advisory] CheckPoint Zonelabs - ZoneAlarm SRESCAN driver local privilege escalation (24.04.2007)
 IDEFENSE, iDefense Security Advisory 04.20.07: Check Point Zone Labs SRESCAN IOCTL Local Privilege Escalation Vulnerability (21.04.2007)
 Matousec - Transparent security Research, ZoneAlarm Multiple insufficient argument validation of hooked SSDT function Vulnerability (17.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod