Information Security

Buffer overflow in the bftpd FTP server
Published: 19 April 2007
Source:
SecurityVulns ID: 7605
Type: remote
Severity: 5/10
Affected products: BFTPD : bftpd 1.7
CVE: CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.)

Multiple vulnerabilities in TinyMUX
Published: 19 April 2007
Source:
SecurityVulns ID: 7609
Type: remote
Severity: 5/10
Description: Multiple denial-of-service conditions.
Affected products: TINYMUX : TinyMUX 2.3
CVE: CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection.")
 CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information.)

DoS via AppleTalk in Linux
Published: 19 April 2007
Source:
SecurityVulns ID: 7611
Type: remote
Severity: 5/10
Description: Denial of service when parsing an AppleTalk frame.
Affected products: LINUX : kernel 2.6
CVE: CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before 2.6.21, and possibly 2.4.x, allows remote attackers to cause a denial of service (crash) via an AppleTalk frame that is shorter than the specified length, which triggers a BUG_ON call when an attempt is made to perform a checksum.)

Multiple vulnerabilities in IBM WebSphere
Published: 19 April 2007
Source:
SecurityVulns ID: 7612
Type: remote
Severity: 6/10
Description: Double-free memory error. Vulnerability in the Servlet Engine.
Affected products: IBM : WebSphere 6.1
CVE: CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.)
 CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double-free vulnerability.)

Multiple DoS conditions in lighttpd
Published: 19 April 2007
Source:
SecurityVulns ID: 7603
Type: remote
Severity: 6/10
Description: NULL pointer dereference, infinite loop.
Affected products: LIGHTTPD : lighttpd 1.4
CVE: CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service (crash) via a request to a file whose mtime is 0, which results in a NULL pointer dereference.)
 CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial of service (cpu and resource consumption) by disconnecting while lighttpd is parsing CRLF sequences, which triggers an infinite loop and file descriptor consumption.)

Privilege escalation via ScramDisk 4 for Linux
Published: 19 April 2007
Source:
SecurityVulns ID: 7607
Type: local
Severity: 5/10
Description: An image can be mounted onto a system directory; the suid bit is allowed.
Affected products: SCRAMDISK : ScramDisk 4 1.0
CVE: CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on mount points, which allows local users to gain privileges by using a system directory as a mount point for a container.)
 CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 execute with SUID permissions, which allows local users to gain privileges via mounted containers.)

Buffer overflow in the Roxio CinePlayer ActiveX control
Published: 19 April 2007
Source:
SecurityVulns ID: 7613
Type: client
Severity: 5/10
Description: Buffer overflow in SonicDVDDashVRNav.dll.
Affected products: ROXIO : CinePlayer 3.2
CVE: CVE-2007-1559 (Stack-based buffer overflow in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via unspecified properties and methods in the SonicDVDDashVRNav.dll ActiveX control.)

Cross-site scripting in the Wizz RSS Reader plugin for Mozilla
Published: 19 April 2007
Source:
SecurityVulns ID: 7610
Type: client
Severity: 5/10
Description: Cross-site scripting via RSS feeds.
Affected products: MOZILLA : Wizz RSS Reader 2.1
CVE: CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM.)

Daily summary of bugs in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: 19 April 2007
Source:
SecurityVulns ID: 7602
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leaks, etc.
Affected products: GALLERY : Gallery 1.2
 E107 : e107 0.7
 MYBB : MyBB 1.2
 WSDELUXE : NMDeluxe 1.0
 SUNSHOP : SunShop 3.5
 CODEBREAK : CodeBreak 1.1
 JOOMLA : JoomlaPack 1.0 module for Joomla
 JOOMLA : Joomla Template Be2004-2
 JOOMLA : AutoStand Category module for Joomla
 JOOMLA : New Article Component 1.1 module for Joomla
 JOOMLA : Tosmo Mambo 4.0 module for Joomla
 JOOMLA : Calendar (Agenda) 155 module for Joomla
 MXBB : MX Smartor FAP 2.0 module for MXBB
 MXBB : Shotcast 1.0 module for MXBB
 REZERVI : Rezervi Generic 0.9
 OPENMAIRIE : openMairie 1.11
 XOOPS : tsdisplay4xoops 0.1 module for Xoops
 AUDIOCMS : arash 0.1
 WEBSLIDER : Web Slider 0.6
 GARENNES : Garennes 0.6
 WEBKALK2 : WebKalk2 1.9
 JGALLERY : jGallery 1.3
 SUBSYSTEM : Mozzers SubSystem 1.0
 AIMSTATS : AimStats 3.2
 ZOMPLOG : Zomplog 3.8
 ANTHOLOGIA : ANTHOLOGIA 0.5
 MINIGAL : MiniGal b13
 CARBON : Cabron Connector 1.1
 RICARGBOOK : RicarGBooK 1.2
 SHOUTPRO : ShoutPro 1.5
 LSSIMPLE : LS simple guestbook 1
 EXPOW : Expow 0.8
 QDBLOG : QDBlog 0.4
 FROGSS : Frogss CMS 0.7
 PAPOO : Papoo 3.02
 CNSTATS : CNStats 2.9
 PIXARIA : Pixaria Gallery 1.4
 OSP : OpenSurvayPilot 1.2
 CREADIRECTORY : CreaDirectory 1.2
 XAMPP : XAMPP for Windows 1.6
 USEBB : UseBB 1.0
 OPENGROTTO : Open-gorotto 2.0
 OPENADS : Openads 2.3
 SIMPCMS : SimpCMS Light 04.10.2007
CVE: CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows allow remote attackers to execute arbitrary SQL commands via unspecified vectors in certain test scripts.)
 CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.)
 CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto 2.0a 2006/02/08 edition, 2006/03/19 edition, and 2006/04/07 edition before 20070416 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) pub/modules/d/_top.html; (2) /pub/modules/a/_access.html; (3) _circletop.html or (4) _cir66.html in pub/modules/ci/; or (5) _fri66.html, (6) _inv66.html, (7) _top.html, (8) _friends.html, or (9) _fri33.html in pub/modules/f/.)
 CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart before 3.5.1 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) index.php or (2) checkout.php.)
 CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie 1.11 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the dsn[phptype] parameter.)
 CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront mods for Gallery allow remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter to (1) mods/business_functions.php or (2) mods/ui_functions.php.)
 CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio Islas Cruz Web Slider (WebSlider) 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) index.php, (2) modules/pdf.php, (3) plugins/highlight.php, or (4) include/modules.php.)
 CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message.)
 CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in RicarGBooK 1.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) a lang cookie or (2) the language parameter.)
 CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php.)
 CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 (aka Max Media Manager, MMM) before 0.3.31-alpha-pr3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the destination parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads (phpAdsNew) 2.0.11 and earlier and (b) Openads for PostgreSQL (phpPgAds) 2.0.11 and earlier allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in (1) the dest parameter and (2) the Referer HTTP header. NOTE: some of these details are obtained from third party information.)
 CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the Antonis Ventouris Weather module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter.)
 CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia (com_mosmedia) 1.08 and earlier module for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) media.tab.php or (2) media.divs.php.)
 CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite 1.0.6 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) support.html.php or (2) info.html.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter.)
 CVE-2007-1976 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack.)
Original text: CyberGhost, CreaDirectory v1.2 Remote SQL Injection Vulnerability (19.04.2007)
 Alkomandoz Hacker, osp <= 1.2.1 (cfgPathToProjectAdmin) Remote File Include Vulnerablities (19.04.2007)
 Alkomandoz Hacker, AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities (19.04.2007)
 Alkomandoz Hacker, StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities (19.04.2007)
 irvian, sunshop 4 (index.php) Remote File Include Vulnerability (19.04.2007)
 irvian, CNStats 2.9 (who_r.php) Remote File Include Vulnerability (19.04.2007)
 irvian, Pixaria Gallery 1.x (class.Smarty.php) Remote File Include Vulnerability (19.04.2007)
 omnipresent_(at)_email.it, QDBlog v0.4 - MULTIPLE VULNERABILITIES (19.04.2007)
 bilkopat_(at)_hotmail.com, Expow 0.8 File manager Autoindex.php (cfg_file) Remote File Inclusion Vulnerability (19.04.2007)
 Gammarays, LS simple guestbook (v1) Remote Code Execution Vulnerability (19.04.2007)
 Dj7xpl, RicarGBooK 1.2.1 (header.php lang) Local File Inclusion Vulnerability (19.04.2007)
 Dj7xpl, Cabron Connector 1.1.0-Full Remote File Inclusion Vulnerability: (19.04.2007)
 Dj7xpl, Anthologia 0.5.2 (index.php ads_file) Remote File Inclusion Vulnerability (19.04.2007)
 Dj7xpl, Zomplog 3.8 (force_download.php file) Remote File Disclosure Vuln (19.04.2007)
 Dj7xpl, Mozzers SubSystem final (subs.php) Remote Code Execution Vulnerability (19.04.2007)
 Dj7xpl, jGallery 1.3 (index.php) Remote File Inclusion Vulnerability (19.04.2007)
 GolD_M, WebKalk2 1.9.0 Remote File Include Vulnerablity (19.04.2007)
 GolD_M, Garennes 0.6.1 <= Remote File Include Vulnerablites (19.04.2007)
 GolD_M, Web Slider 0.6(path)Remote File Inclusion Vulnerabilities (19.04.2007)
 GolD_M, audioCMS arash 0.1.4(arashlib_dir)Remote File Inclusion Vulnerabilities (19.04.2007)
 GolD_M, Gallery 1.2.5 <= Remote File Include Vulnerablites (19.04.2007)
 GolD_M, tsdisplay4xoops 0.1(xoops_url)Remote File Include Vulnerabilitiy (19.04.2007)
 GolD_M, openMairie 1.11(/scr/soustab.php)Local File Inclusion Vulnerabilitiy (19.04.2007)
 GolD_M, Rezervi Generic 0.9(root)Remote File Include Vulnerablities (19.04.2007)
 bd0rk_(at)_hackermail.com, mxBB Module MX Smartor FAP 2.0 RC1 Remote File Inclusion Vulnerability (19.04.2007)
 Mahmood_ali, com_mosmedia for Mambo & Jommla <= Remote File Include Vulnerability (19.04.2007)
 Cold Zero, Mambo module Calendar (Agenda) <= 155 (com_calendar.php) Multiple RFI Vuln (19.04.2007)
 Cold Zero, Mambo/Joomla Module Weather (absolute_path) Remote File include Vuln (19.04.2007)
 Cold Zero, Tosmo Mambo <= 4.0.12 (absolute_path) Multiple RFI Vulnerabilities (19.04.2007)
 Cold Zero, Mambo/Joomla Component New Article Component <= 1.1 (absolute_path) Multiple RFI (19.04.2007)
 Cold Zero, Joomla Module AutoStand Category <= 1.1 Remote File include Vulnerabilities (19.04.2007)
 Cold Zero, Jommla Component JoomlaPack 1.0.4a2 RE (CAltInstaller.php) Remote File Include Vulnerabilities (19.04.2007)
Files: Exploits CodeBreak (codebreak.php process_method) - Remote File Inclusion Vulnerability
 Mybb <= 1.2.2 Remote SQL Injecton Exploit v.2.0
 Frogss CMS <= 0.7 SQL Injection Exploit
 freePBX 2.2.x full-log XSS PoC
 Papoo <= 3.02 (kontakt menuid) Remote SQL Injection Exploit
 MiniGal b13 Remote Code Execution Exploit
 E107 - (v0.7.8) Access Escalation Vulnerbility - PoC
 Joomla Template Be2004-2 (index.php) Remote File Include Exploit
 mxBB Module MX Shotcast 1.0 RC2 (getinfo1.php) Remote File Include Exploit
 AimStats 3.2 (process.php update) Remote Code Execution Exploit
 ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
 NMDeluxe 1.0.1 (template) Local File Inclusion Exploit
 XAMPP for Windows <= 1.6.0a adodb.php/mssql_connect() remote buffer overflow proof-of-concept exploit

Information leak in Python
Published: 19 April 2007
Source:
SecurityVulns ID: 7604
Type: library
Severity: 5/10
Description: The strxfrm function allows memory contents to be read.
Affected products: PYTHON : python 2.4
 PYTHON : python 2.5
CVE: CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.)

Symbolic link problems in lha
Published: 19 April 2007
Source:
SecurityVulns ID: 7606
Type: local
Severity: 5/10
Description: Symbolic link problems when creating temporary files.
CVE: CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.)

DoS via IP packets in Sun Solaris
Published: 19 April 2007
Source:
SecurityVulns ID: 7608
Type: remote
Severity: 6/10
Affected products: ORACLE : Solaris 8
 ORACLE : Solaris 9
 ORACLE : Solaris 10
CVE: CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (CPU consumption) via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments.)
Files: SunOS 5.10 ICMP Remote Kernel Crash Exploit Code

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod