Information Security

Buffer overflow in Microsoft Help Workshop (buffer overflow)
Updated since 18 January 2007
Published: 20 January 2007
Source:
SecurityVulns ID: 7068
Type: local
Severity: 5/10
Description: Buffer overflow when parsing a .cnt / .hpj file
Affected products: MICROSOFT : Microsoft Help Workshop 4.03
CVE: CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.)
 CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.)
Original text: porkythepig_(at)_anspi.pl, Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop (20.01.2007)
 porkythepig_(at)_anspi.pl, Microsoft Help Workshop .CNT contents files buffer overflow vulnerability (18.01.2007)
Files: PoC exploit for (.HPJ) project files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002
 PoC exploit for .cnt files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002

DoS against ipfilter in HP-UX
Published: 20 January 2007
Source:
SecurityVulns ID: 7070
Type: remote
Severity: 6/10
Description: System crash on receiving a specific packet.
Affected products: HP : HP-UX 11.23
CVE: CVE-2007-0818 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0396. Reason: This candidate is a duplicate of CVE-2007-0396. Notes: All CVE users should reference CVE-2007-0396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in combination with PHNE_34474, allows remote attackers to cause a denial of service (system crash) via unspecified vectors.)
Original text: HP, [security bulletin] HPSBUX02181 SSRT061289 rev.1 - HP-UX Running IPFilter, Remote Unauthorized Denial of Service (DoS) (20.01.2007)

Daily digest of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: 20 January 2007
Source:
SecurityVulns ID: 7072
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information leakage, etc.
Affected products: SMF : Simple Machines Forum 1.1
 ARSDIGITA : Ars Digita Community System 4.2
 ARSDIGITA : ACS-Java 3.4
 ARSDIGITA : ACS-Java 4.0
 ARSDIGITA : ACS-Java 4.7
 SUBROSUS : sabros.us 1.7
 EASYEBAYRESOURCE : Login Manager 3.0
CVE: CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.)
 CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay Resources Paypal Subscription Manager allows remote attackers to execute arbitrary SQL commands via the keyword parameter.)
 CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter.)
 CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the init_row parameter.)
 CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in Easebay Resources Login Manager 3.0 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.)
 CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in Simple Machines Forum (SMF) 1.1 RC3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) recipient or (2) BCC field when selecting send in a pm action.)
 CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in Arnaud Guyonne (aka Arnotic) a-forum allow remote attackers to inject arbitrary web script or HTML via the (1) Sujet or (2) Pseudo field.)
 CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.)
 CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) 3.4.10 and earlier, and ArsDigita Community Education Solution (ACES) 1.1, allows remote attackers to read arbitrary files via .%252e/ (double-encoded dot dot slash) sequences in the URI.)
Original text: Advisory_(at)_Aria-Security.net, SMF "index.php?action=pm" Cross Site-Scripting (20.01.2007)
 Hackers Center Security Group, Paypal Subscription Manager Multiple HTML Injections (20.01.2007)
 Hackers Center Security Group, Login Manager Multiple HTML Injections (20.01.2007)
 sn0oPy_(at)_avenir-geopolitique.net, a-forum xss (20.01.2007)
 CorryL, [x0n3-h4ck] sabros.us 1.7 XSS Exploit (20.01.2007)
 Hackers Center Security Group, MyShoutBox Multiple Cross-Site Scripting Vulnerability (20.01.2007)
 Elliot Kendall, Directory Traversal in ArsDigita Community System (20.01.2007)

DoS against Mac OS X
Published: 20 January 2007
Source:
SecurityVulns ID: 7074
Type: local
Severity: 5/10
Description: The parameters of the shared_region_map_file_np() system call are not validated, which allows all available kernel memory to be consumed.
Affected products: APPLE : Mac OS X 10.4
CVE: CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.)
Original text: RISE Security, [RISE-2007001] Apple Mac OS X 10.4.x kernel shared_region_map_file_np() memory corruption vulnerability (20.01.2007)
Files: Exploits Mac OS X 10.4.x kernel shared_region_map_file_np() memory exhaustion

Format string vulnerability in the BitDefender client (format string)
Published: 20 January 2007
Source:
SecurityVulns ID: 7073
Type: local
Severity: 5/10
Description: Format string error when logging scan job parameters.
Affected products: BITDEFENDER : BitDefender Client Professional 8.02
CVE: CVE-2007-0391 (Format string vulnerability in the log creation functionality of BitDefender Client Professional Plus 8.02 allows attackers to execute arbitrary code via certain scan job settings.)
Original text: Deral Heiland, Layered Defense Research Advisory: BitDefender Client 8.02 Format String Vulnerability (20.01.2007)

DoS against the AVM Fritz!Box VoIP router
Published: 20 January 2007
Source:
SecurityVulns ID: 7075
Type: remote
Severity: 5/10
Description: Crash on receiving an empty UDP packet on port UDP/5060 (SIP).
Affected products: AVM : Fritz!Box 750
CVE: CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote attackers to cause a denial of service (VoIP application crash) via a zero-length UDP packet to the SIP port (port 5060).)
Original text: Collin R. Mulliner, DoS against AVM Fritz!Box 7050 (and others) (20.01.2007)

Cryptographic problems with TLS, SSL and SSH certificate validation in Cisco CS MARS and Cisco ASDM
Published: 20 January 2007
Source:
SecurityVulns ID: 7071
Type: remote
Severity: 6/10
Description: When connecting to a device for management, the device's certificate is not validated.
Affected products: CISCO : CS-MARS 4.2
 CISCO : ASDM 5.2
CVE: CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.3 and Adaptive Security Device Manager (ASDM) before 5.2(2.54) do not validate the SSL/TLS certificates or SSH public keys when connecting to devices, which allows remote attackers to spoof those devices to obtain sensitive information or generate incorrect information.)
Original text: CISCO, Cisco Security Advisory: SSL/TLS Certificate and SSH Public Key Validation Vulnerability (20.01.2007)

Privilege escalation via grsecurity (privilege escalation)
Updated since 12 January 2007
Published: 20 January 2007
Source:
SecurityVulns ID: 7045
Type: local
Severity: 7/10
Description: Privilege escalation via expand_stack().
Affected products: GRSECURITY : grsecurity 2.1
CVE: CVE-2007-0257 (** DISPUTED ** Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code.)
 CVE-2007-0253 (** DISPUTED ** Unspecified vulnerability in the grsecurity patch has unspecified impact and remote attack vectors, a different vulnerability than the expand_stack vulnerability from the Digital Armaments 20070110 pre-advisory. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven.)
Original text: info_(at)_digitalarmaments.com, Digital Armaments Security Advisory 20.01.2007: Grsecurity Kernel PaX Vulnerability (20.01.2007)
 info_(at)_digitalarmaments.com, Digital Armaments Security Pre-Advisory 11.01.2007: Grsecurity Kernel PaX - Local root vulnerability (12.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod