Information security


Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: March 19, 2007
Source:
SecurityVulns ID: 7432
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: WAGORA : W-Agora 4.2
 PHPX : phpx 3.5
 UNCLASSIFIED : Unclassified NewsBoard 1.6
 SQLLEDGER : SQL-Ledger 2.6
 LEDGERSMB : LedgerSMB 1.1
 NPDS : Net Portal Dynamic System 5.10
 METAFORUM : MetaForum 0.513
 CASTILLOCENTRAL : CCleaguePro 1.0
CVE: CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.)
 CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php.)
 CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id parameter to (b) news.php or (c) print.php; (4) the news_cat_id parameter to news.php; the (5) cat_id, (6) topic_id, or (7) post_id parameter to (d) forums.php; or (8) the user_id parameter to (e) users.php.)
 CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 allows remote attackers to upload and execute arbitrary PHP scripts via an addImage action, which places scripts into the gallery/shelties/ directory.)
 CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.)
 CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.)
 CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.)
 CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.)
Original text: Jesper Jurcenoks, w-agora version 4.2.1 Multiple Path Disclosure Vulnerabilities (19.03.2007)
 Jesper Jurcenoks, w-agora version 4.2.1 Information Disclosure Vulnerability (19.03.2007)
 laurent gaffié, phpx 3.5.15 multiples vulnerabilities (19.03.2007)
 snakeapollon_(at)_yahoo.com, CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability (19.03.2007)
 laurent gaffié, Unclassified NewsBoard 1.6.3 multiples logs disclosure (19.03.2007)
 aeroxteam_(at)_gmail.com, MetaForum <= 0.513 Beta - Remote file upload Vulnerability (19.03.2007)
 Chris Travers, Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB (19.03.2007)
Files: Net Portal Dynamic System (NPDS) <= 5.10 Remote Code Execution 0day

Symbolic link issues in Linux Security Auditing Tool (symbolic links)
Published: March 19, 2007
Source:
SecurityVulns ID: 7433
Type: local
Severity: 5/10
Description: Symbolic link issue when creating a temporary file.
Affected products: LSAT : lsat 0.9
CVE: CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.)
Original text: GENTOO, [ GLSA 200703-20 ] LSAT: Insecure temporary file creation (19.03.2007)

Format string bug in F-Secure antivirus (format string)
Published: March 19, 2007
Source:
SecurityVulns ID: 7434
Type: local
Severity: 5/10
Description: A format string bug in the management server name allows local privilege escalation.
Affected products: F-SECURE : F-Secure Anti-Virus Client Security 6.02
CVE: CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security 6.02 allows local users to cause a denial of service and possibly gain privileges via format string specifiers in the Management Server name field on the Communication settings page.)
Original text: Deral Heiland, Layered Defense Research Advisory: F-Secure Anti-Virus Client Security 6.02 Format String Vulnerability (19.03.2007)

DoS via NDISTAPI in Microsoft Windows
Published: March 19, 2007
Source:
SecurityVulns ID: 7435
Type: local
Severity: 5/10
Description: While handling exceptions for the \Device\NdisTapi device, the IRQL remains at DISPATCH level when the thread returns to user mode, which crashes the system (BSOD) with IRQL_LESS_THAN_NOT_EQUAL.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE: CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.)
Original text: Reversemode, [Reversemode Advisory] Microsoft Windows Ndistapi.sys IRQL escalation (19.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod