Information Security


DoS against Microsoft Outlook Express / Outlook / Internet Explorer
updated since December 17, 2008
Published: December 19, 2008
Source:
SecurityVulns ID: 9525
Type: remote
Severity: 6/10
Description: <dt><h1 style=width:1px><li></h1> in the HTML part of a message causes the program to crash.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original text: MustLive, New DoS vulnerability in Microsoft Outlook (19.12.2008)
 MustLive, New DoS vulnerability in Outlook Express (17.12.2008)
Files: DoS exploit N2 for Microsoft Outlook Express

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey
updated since December 18, 2008
Published: December 19, 2008
Source:
SecurityVulns ID: 9527
Type: remote
Severity: 8/10
Description: Cross-site scripting, filter bypass, memory corruption, cross-site data access, user session tracking, code execution.
Affected products: MOZILLA : Firefox 2.0
 MOZILLA : Thunderbird 2.0
 MOZILLA : SeaMonkey 1.1
 MOZILLA : Firefox 3.0
CVE: CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19 allows remote attackers to bypass the same origin policy, inject content into documents associated with other domains, and conduct cross-site scripting (XSS) attacks via unknown vectors related to restoration of SessionStore data.)
 CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allow remote attackers to run arbitrary JavaScript with chrome privileges via unknown vectors in which "page content can pollute XPCNativeWrappers.")
 CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and conduct cross-site scripting (XSS) attacks via an XBL binding to an "unloaded document.")
 CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 ignores the '\0' escaped null character, which might allow remote attackers to bypass protection mechanisms such as sanitization routines.)
 CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not properly parse URLs with leading whitespace or control characters, which might allow remote attackers to misrepresent URLs and simplify phishing attacks.)
 CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy and access portions of data from another domain via a JavaScript URL that redirects to the target resource, which generates an error if the target data does not have JavaScript syntax, which can be accessed using the window.onerror DOM API.)
 CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a resource in a different domain, then reading content from the response, aka "response disclosure.")
 CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass intended privacy restrictions by using the persist attribute in an XUL element to create and access data entities that are similar to cookies.)
 CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run arbitrary JavaScript with chrome privileges via vectors related to the feed preview, a different vulnerability than CVE-2008-3836.)
 CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 does not perform any security checks related to the same-domain policy, which allows remote attackers to read or access data from other domains via crafted XBL bindings.)
 CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service via vectors that trigger an assertion failure.)
 CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to (1) a reachable assertion or (2) an integer overflow.)
Original text: Chris Evans, Firefox cross-domain text theft (CESA-2008-011) (19.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-60 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-61 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-62 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-63 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-64 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-65 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-66 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-67 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-68 (18.12.2008)
 MOZILLA, Mozilla Foundation Security Advisory 2008-69 (18.12.2008)

Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since December 18, 2008
Published: December 19, 2008
Source:
SecurityVulns ID: 9528
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: JOOMLA : Joomla 1.5
 PHPCLANWEBSITE : Phpclanwebsite 2.12
 LITTLECMS : LittleCMS 1.16
CVE: CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory.)
 CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.)
Original text: Ehsan_Hp200_(at)_hotmail.com, EasySiteNetwork (joke.php?id) Remote SQL injection Vulnerability (18.12.2008)
 UBUNTU, [USN-693-1] LittleCMS vulnerability (18.12.2008)
 Hanno Bock, Joomla: Session hijacking vulnerability, CVE-2008-4122 (18.12.2008)
 S4aVRd0w, Multiple vulnerabilities in Phpclanwebsite <= 1.23.3 Fix Pack #5 (18.12.2008)

DoS against Sun Solaris
Published: December 19, 2008
Source:
SecurityVulns ID: 9529
Type: local
Severity: 5/10
Description: NULL pointer dereference when handling the SIOCGTUNPARAM IOCTL.
Original text: tk_(at)_trapkit.de, [TKADV2008-015] Sun Solaris SIOCGTUNPARAM IOCTL Kernel NULL pointer dereference (19.12.2008)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod