Информационная безопасность
[RU] switch to English


Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:20 апреля 2009 г.
Источник:
SecurityVulns ID:9858
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:LCMS : LittleCMS 1.18
 CLANTIGER : ClanTiger 1.1
 MLECSPHP : Multi-lingual E-Commerce System 0.2
 SUNGARD : Banner Student System 7.4
 WYSGUI : WysGui CMS 1.2
 CREASITO : creasito e-commerce content manager 1.3
CVE:CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect code for "transformations of monochrome profiles.")
 CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions.)
 CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.)
 CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allows context-dependent attackers to cause a denial of service (memory consumption and application crash) via a crafted image file.)
Оригинальный текстdocumentSalvatore "drosophila" Fresta, Creasito e-commerce content manager Authentication Bypass (20.04.2009)
 documenty3nh4ck3r_(at)_gmail.com, Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI--> (20.04.2009)
 documenty3nh4ck3r_(at)_gmail.com, WysGui CMS 1.2 BETA(Insecure Cookie Handling)--Blind-sql-injection-exploit--> (20.04.2009)
 documentreportback_(at)_readthepost.com, Sungard Banner System XSS (20.04.2009)
 documentSalvatore "drosophila" Fresta, Multi-lingual E-Commerce System 0.2 Multiple Remote Vulnerabilities (20.04.2009)
 documenty3nh4ck3r_(at)_gmail.com, CLAN TIGER CMS 1.1.1 (AUTH BYPASS) SQL-INJECTION (20.04.2009)
 documentGENTOO, [ GLSA 200904-19 ] LittleCMS: Multiple vulnerabilities (20.04.2009)
Файлы:Exploits WysGui CMS 1.2 BETA(cookie) BSQL

Смена пароля в беспроводных маршрутизаторах Linksys WRT54GC
Опубликовано:20 апреля 2009 г.
Источник:
SecurityVulns ID:9859
Тип:удаленная
Уровень опасности:
5/10
Описание:При смене пароля не требуется ввод старого пароля.
Затронутые продукты:LINKSYS : Linksys WRT54GC
Оригинальный текстdocumentgabriel_(at)_falandodeseguranca.com, Linksys WRT54GC - Admin Password Change (POC) (20.04.2009)
Файлы:Linksys WRT54GC - Administration Password Change exploit

Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 15 апреля 2009 г.
Опубликовано:20 апреля 2009 г.
Источник:
SecurityVulns ID:9839
Тип:клиент
Уровень опасности:
8/10
Описание:Выполнение кода, многочисленные повреждения памяти, NTLM-релеинг.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-0552 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2009-0551 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability.")
 CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability.")
 CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 Messenger 1.0.0.1 allows remote attackers to force the download and execution of arbitrary files via a URL in the propDownloadUrl parameter with the propPostDownloadAction parameter set to "run.")
 CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.17 has unknown impact and attack vectors related to an attribute in the SOAP security header.)
 CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.)
 CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.)
Оригинальный текстdocumentBerend-Jan Wever, MS09-014: MSIE EMBED element race condition memory corruption (20.04.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) (15.04.2009)
 documentMICROSOFT, Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer (963027) (15.04.2009)
Файлы:Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer (963027)
 Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород