Information Security


Daily summary of web application vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published: February 20, 2007
Source:
SecurityVulns ID: 7266
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information disclosure, etc.
Affected products: WEBSPELL : Webspell 4.01
 MEDIAWIKI : MediaWiki 1.8
 MEDIAWIKI : MediaWiki 1.9
 XLATUNES : XLAtunes 0.1
 SNITZ : Snitz Forums 2000 3.1
 HTACCESSPG : Htaccess Passwort Generator 1.1
 VIVVO : Vivvo Article Manager 3.4
 KAYAKO : ESupport 3.04
 NUKESENTINEL : NukeSentinel 2.5
CVE: CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit.")
 CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05 allows remote attackers to execute arbitrary SQL commands via an admin cookie.)
 CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.)
 CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.)
 CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote authenticated administrators to upload and execute arbitrary PHP code via the add squad feature. NOTE: this issue may be an administrative feature, in which case this CVE may be REJECTED.)
 CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.)
 CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.)
 CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177.)
 CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer.)
 CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.)
 CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter.)
 CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.)
 CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.)
Original text: Hackers Center Security Group, ESupport Multiple HTML Injection Vulnerabilities (20.02.2007)
 eyal_(at)_BugSec.com, MediaWiki Cross-site Scripting (20.02.2007)
 Guns_(at)_0x90.com.ar, XLAtunes 0.1 (album) Remote SQL Injection Vulnerability (20.02.2007)
 sn0oPy.team_(at)_gmail.com, MyCalendar multiple XSS (20.02.2007)
 MILW0RM, Vivvo Article Manager 3.4 (root) Local File Inclusion Vulnerability (20.02.2007)
 kezzap66345, Htaccess Passwort Generator 1.1 (ht_pfad) RFI Vulnerability (20.02.2007)
 XORON, Snitz Forums 2000 Version 3.1 SR4 (pop_profile.asp) Remote SQL Injection Vulnerability (20.02.2007)
Files: Exploits webSPELL v4.01.02 (showonly) Remote SQL Injection
 NukeSentinel 2.5.05 (nukesentinel.php) File Disclosure Exploit
 NukeSentinel 2.5.05 (nsbypass.php) Blind SQL Injection Exploit

Buffer overflow in Snort IDS
Published: February 20, 2007
Source:
SecurityVulns ID: 7267
Type: remote
Severity: 7/10
Description: Buffer overflow when parsing the DCE/RPC protocol.
Affected products: SNORT : snort 2.6
 SNORT : snort 2.7
 SOURCEFIRE : Sourcefire Intrusion Sensors 4.1
 SOURCEFIRE : Sourcefire Intrusion Sensors 4.5
 SOURCEFIRE : Sourcefire Intrusion Sensors 4.6
CVE: CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.)
Original text: CERT, US-CERT Technical Cyber Security Alert TA07-050A -- Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow (20.02.2007)
Files: Snort DCE/RPC Preprocessor Buffer Overflow (DoS)
 Remote exploit for Snort DCE/RPC preprocessor vulnerability

DoS against IrfanView
Published: February 20, 2007
Source:
SecurityVulns ID: 7268
Type: local
Severity: 2/10
Description: The program hangs when opening corrupted WMF files.
Affected products: IRFANVIEW : IrfanView 3.99
CVE: CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file.)
 CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.)
Original text: sehato, WMF File Denial Of Service (20.02.2007)
Files: IrfanView WMF hang PoC

Weak permissions in VMWare guest system
Published: February 20, 2007
Source:
SecurityVulns ID: 7269
Type: local
Severity: 4/10
Description: A user of a guest system with VMWare Tools installed can perform some privileged operations, such as enabling/disabling the network interface.
Affected products: VMWARE : VMware Workstation 5.5
CVE: CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is simplified via (1) weak file permissions (Users = Read & Execute) for %PROGRAMFILES%\VMware; and weak registry key permissions (access by Users) for (2) vmmouse, (3) vmscsi, (4) VMTools, (5) vmx_svga, and (6) vmxnet in HKLM\SYSTEM\CurrentControlSet\Services\; which allows local users to perform various privileged actions outside of the guest OS by executing certain files under %PROGRAMFILES%\VMware\VMware Tools, as demonstrated by (a) VMControlPanel.cpl and (b) vmwareservice.exe.)
Original text: Eitan Caspi, [Full-disclosure] VMware Workstation multiple denial of service and isolation manipulation vulnerabilities (20.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod