Information Security


Null pointer dereference in OpenOffice
updated since January 17, 2010
Published: January 19, 2010
Source:
SecurityVulns ID: 10525
Type: local
Severity: 4/10
Description: Null pointer dereference when parsing .csv and .slk files
Affected products: OPENOFFICE : OpenOffice 3.1
Original text: karakorsankara_(at)_hotmail.com, OpenOffice for Windows ".slk" File Parsing Null Pointer Vulnerability (19.01.2010)
 karakorsankara_(at)_hotmail.com, Hellcode Research: OpenOffice File Parsing Null Pointer Vulnerability (17.01.2010)

Multiple security vulnerabilities in MySQL
Published: January 19, 2010
Source:
SecurityVulns ID: 10531
Type: m-i-t-m
Severity: 5/10
Description: Certificate spoofing, privilege escalation, DoS.
Affected products: ORACLE : MySQL 5.0
 ORACLE : MySQL 5.1
CVE: CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.)
 CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.)
 CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.)
Original text: MANDRIVA, [ MDVSA-2010:012 ] mysql (19.01.2010)

Buffer overflow in AOL ActiveX
Published: January 19, 2010
Source:
SecurityVulns ID: 10532
Type: client
Severity: 6/10
Description: Buffer overflow in the BindToFile method.
Affected products: AOL : AOL 9.5
Original text: karakorsankara_(at)_hotmail.com, AOL 9.5 ActiveX Heap Overflow Vulnerability (19.01.2010)

Privilege escalation in Sogou
Published: January 19, 2010
Source:
SecurityVulns ID: 10533
Type: local
Severity: 5/10
Description: Applications can be launched with Local System privileges.
Affected products: SOGOU : Sogou 4.3
Original text: k4mr4n_St_(at)_yahoo.com, 0day vulnerability Sogou input method to obtain system privileges (19.01.2010)

Web application security vulnerabilities digest (PHP, ASP, JSP, CGI, Perl)
Published: January 19, 2010
Source:
SecurityVulns ID: 10534
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: EZCONTENTS : ezContents 2.0
 ROUNDCUBE : Roundcube Webmail 0.2
 ZENOSS : Zenoss 2.3
 XOOPS : Xoops 2.4
CVE: CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that send arbitrary emails via unspecified vectors, a different vulnerability than CVE-2009-4076.)
 CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077.)
Original text: admin_(at)_bugreport.ir, Blaze Apps Multiple Vulnerabilities (19.01.2010)
 admin_(at)_bugreport.ir, ezContents CMS Multiple Vulnerabilities (19.01.2010)
 MANDRIVA, [ MDVSA-2010:015 ] roundcubemail (19.01.2010)
 CodeScan Labs, Multiple Vulnerabilities in XOOPS 2.4.3 and earlier (19.01.2010)
 Adam Baldwin, Zenoss Multiple Admin CSRF (19.01.2010)

Multiple Microsoft Internet Explorer vulnerabilities
updated since January 19, 2010
Published: January 23, 2010
Source:
SecurityVulns ID: 10530
Type: client
Severity: 8/10
Description: 0-day use-after-free vulnerability in createEventObject handling. <body onload="for(var i=0; i!=10000; i++) ev.srcElement"> <img src=. onerror="ev=createEventObject(event); outerHTML++">. Multiple memory corruptions.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability.")
 CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.)
 CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.)
 CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.)
 CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability.")
 CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability.")
Original text: noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Microsoft Internet Explorer Remote Memory Corruption Vulnerability (23.01.2010)
 ZDI, ZDI-10-013: Microsoft Internet Explorer Table Layout Reuse Remote Code Execution Vulnerability (22.01.2010)
 ZDI, ZDI-10-014: Microsoft Internet Explorer item Object Memory Corruption Remote Code Execution Vulnerability (22.01.2010)
 ZDI, ZDI-10-011: Microsoft Internet Explorer Table Layout Col Tag Cache Update Remote Code Execution Vulnerability (22.01.2010)
 ZDI, ZDI-10-012: Microsoft Internet Explorer Baseline Tag Rendering Remote Code Execution Vulnerability (22.01.2010)
 MICROSOFT, Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer (978207) (22.01.2010)
 CERT, US-CERT Technical Cyber Security Alert TA10-021A -- Microsoft Internet Explorer Vulnerabilities (22.01.2010)
 ds.adv.pub_(at)_gmail.com, Code to mitigate IE event zero-day (CVE-2010-0249) (19.01.2010)
Files: mitigation for the CVE-2010-0249 IE createEventObject srcElement zero-day
 Microsoft Security Advisory (979352) Vulnerability in Internet Explorer Could Allow Remote Code Execution
 Microsoft Security Bulletin MS10-002 - Critical Cumulative Security Update for Internet Explorer (978207)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod