Information security


Multiple security vulnerabilities in Microsoft Office
updated since September 16, 2011
Published: September 20, 2011
Source:
SecurityVulns ID: 11909
Type: client
Threat level: 7/10
Description: Multiple memory corruptions in Excel, uninitialized pointer when parsing Microsoft Word documents, insecure loading of dynamic libraries.
Affected products: MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2010
CVE:CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability.")
 CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability.")
 CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability.")
 CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability.")
 CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability.")
 CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability.")
 CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Office Excel Formula Record Heap Corruption Vulnerability (20.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Integer Signedness Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Microsoft Excel Record Memory Corruption Vulnerability (16.09.2011)
Files: Microsoft Security Bulletin MS11-072 - Important Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505)
 Microsoft Security Bulletin MS11-073 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2587634)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: September 20, 2011
Source:
SecurityVulns ID: 11912
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: EZ : eZ Flash Tag Cloud 1.0
 SIT : Support Incident Tracker 3.64
 MANAGEENGINE : ServiceDesk Plus 8.0
 NORTEL : Nortel Contact Recording Centralized Archive 6.5
CVE:CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.)
 CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.)
Original text: rgod, Nortel Contact Recording Centralized Archive 6.5.1 EyrAPIConfiguration getSubKeys() Remote SQL Injection Exploit (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-015] SAP WebAS webrfc Cross-Site Scripting (20.09.2011)
 Onapsis Research Labs, [Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-033] SAP Crystal Report Server pubDBLogon - Linked XSS vulnerability (by ERPScan) (20.09.2011)
 Alexandr Polyakov, [DSECRG-11-032] SAP NetWeaver ipcpricing - information disclose (by ERPScan) (20.09.2011)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2011-0506 - Multiples Vulnerabilities in ManageEngine ServiceDesk Plus (20.09.2011)
 High-Tech Bridge Security Research, Multiple vulnerabilities in SiT! Support Incident Tracker (20.09.2011)
 MustLive, Update: Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron (20.09.2011)

Code execution in librsvg
Published: September 20, 2011
Source:
SecurityVulns ID: 11913
Type: library
Threat level: 5/10
Description: Code execution when parsing SVG files
Affected products: LIBRSVG : librsvg 2.32
CVE:CVE-2011-3146 (librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.)
Original text: UBUNTU, [USN-1206-1] librsvg vulnerability (20.09.2011)

Multiple security vulnerabilities in Microsoft Sharepoint
updated since September 16, 2011
Published: September 20, 2011
Source:
SecurityVulns ID: 11910
Type: remote
Threat level: 6/10
Description: Cross-site scripting, code injection, information leakage.
Affected products: MICROSOFT : SharePoint Server 2007
 MICROSOFT : SharePoint Workspace 2010
 MICROSOFT : Office Groove 2007
 MICROSOFT : Office Forms Server 2007
 MICROSOFT : SharePoint Server 2010
CVE:CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability.")
 CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability.")
 CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability.")
 CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability.")
 CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability.")
 CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability.")
Original text: Nicolas Grégoire, XEE vulnerabilities in SharePoint (MS11-074) and DotNetNuke (20.09.2011)
 Irene Abezgauz, Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal (16.09.2011)
 Irene Abezgauz, Seeker Advisory Sep11: Insecure Redirect in Microsoft SharePoint Portal (16.09.2011)
Files: Microsoft Security Bulletin MS11-074 - Important Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege (2451858)

Cross-site scripting in FortiMail Messaging Security Appliance
Published: September 20, 2011
Source:
SecurityVulns ID: 11914
Type: remote
Threat level: 5/10
Description: Cross-site scripting in the web administration module.
Affected products: FORTINET : FortiMail 100
 FORTINET : FortiMail 400
Original text: sschurtz_(at)_t-online.de, XSS vulnerability in FortiMail Messaging Security Appliance (20.09.2011)

DoS against HP Network Node Manager i
Published: September 20, 2011
Source:
SecurityVulns ID: 11915
Type: remote
Threat level: 5/10
CVE:CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911.)
 CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not properly decoded by the ASN.1 DER input stream parser, aka Bug Id 6864911.)
 CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibly bypass authentication, via unspecified vectors related to "timing attack vulnerabilities," aka Bug Id 6863503.)
 CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.)
 CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.)
 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.)
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.)
 CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.)
 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.)
 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.)
Original text: HP, [security bulletin] HPSBMU02703 SSRT100242 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Denial of Service (DoS), Unauthorized Disclosure of Information, Unauthorized Modification (20.09.2011)

DoS against Colasoft Capsa
Published: September 20, 2011
Source:
SecurityVulns ID: 11916
Type: remote
Threat level: 5/10
Description: Failure when parsing an SNMP packet.
Affected products: COLASOFT : Capsa 7.2
Original text: vuln_(at)_nipc.org.cn, Colasoft Capsa7.2.1 Malformed SNMP Packet Denial of Service (20.09.2011)

Code execution in HP Business Service Automation Essentials
Published: September 20, 2011
Source:
SecurityVulns ID: 11917
Type: remote
Threat level: 5/10
Affected products: HP : Business Service Automation Essentials 2.01
CVE:CVE-2011-2412 (Unspecified vulnerability in HP Business Service Automation (BSA) Essentials 2.01 allows remote attackers to execute arbitrary code via unknown vectors.)
Original text: HP, [security bulletin] HPSBMU02705 SSRT100622 rev.1 - HP Business Service Automation (BSA) Essentials, Remote Execution of Arbitrary Code (20.09.2011)

DoS against Cisco Unified Communications Manager / Cisco Intercompany Media Engine / Cisco TelePresence Codecs
updated since August 30, 2011
Published: September 20, 2011
Source:
SecurityVulns ID: 11882
Type: remote
Threat level: 6/10
Description: Failure when parsing a Service Advertisement Framework (SAF) packet, failure when parsing SIP, DoS via connection flood.
Affected products: CISCO : Unified Communications Manager 6.1
 CISCO : Unified Communications Manager 7.0
 CISCO : Unified Communications Manager 8.5
 CISCO : Intercompany Media Engine 8.0
 CISCO : TelePresence C40
 CISCO : TelePresence C60
 CISCO : TelePresence C90
 CISCO : TelePresence E20
 CISCO : TelePresence EX60
 CISCO : TelePresence EX90
 CISCO : TelePresence 6000 MXP
 CISCO : TelePresence 9000 MXP
CVE:CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.)
 CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth19417.)
 CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 8.x before 8.5(1) and Cisco Intercompany Media Engine 8.x before 8.5(1) allows remote attackers to cause a denial of service (device reload) via crafted SAF packets, aka Bug ID CSCth26669.)
 CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256.)
 CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(5b)su4 and 8.x before 8.0(1) does not properly handle SDP data within a SIP call in certain situations related to use of the g729ar8 codec for a Media Termination Point (MTP), which allows remote attackers to cause a denial of service (service outage) via a crafted call, aka Bug ID CSCtc61990.)
 CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x does not properly handle idle TCP connections, which allows remote attackers to cause a denial of service (memory consumption and restart) by making many connections, aka Bug ID CSCtf97162.)
 CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.)
 CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System Integrator C Series 4.x before TC4.2.0 allows remote authenticated users to cause a denial of service (endpoint reboot or process crash) or possibly execute arbitrary code via a long location parameter to the getxml program, aka Bug ID CSCtq46496.)
Original text: lists_(at)_senseofsecurity.com, Cisco TelePresence Multiple Vulnerabilities - SOS-11-010 (20.09.2011)
 CISCO, Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs (05.09.2011)
 CISCO, Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine (30.08.2011)

Buffer overflow in Cisco Unified Service Monitor / Cisco Unified Operations Manager / CiscoWorks LAN Management / EMC Ionix
Published: September 20, 2011
Source:
SecurityVulns ID: 11918
Type: remote
Threat level: 5/10
Description: Buffer overflow when parsing a TCP/9002 network packet.
Affected products: EMC : Ionix Adapter for Alcatel-Lucent 5620 SAM EMS 3.2
 EMC : Ionix IP Management Suite 8.1
 EMC : Ionix Ionix Service Assurance Management Suite 8.1
 EMC : Ionix Ionix VoIP Availability Management Suite 4.0
 CISCO : CiscoWorks LAN Management Solution 3.1
 CISCO : CiscoWorks LAN Management Solution 3.2
 CISCO : CiscoWorks LAN Management Solution 4.0
 CISCO : Unified Service Monitor 8.6
 CISCO : Unified Operations Manager 8.6
CVE:CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor before 8.6, as used in Unified Operations Manager before 8.6 and CiscoWorks LAN Management Solution 3.x and 4.x before 4.1; and multiple EMC Ionix products including Application Connectivity Monitor (Ionix ACM) 2.3 and earlier, Adapter for Alcatel-Lucent 5620 SAM EMS (Ionix ASAM) 3.2.0.2 and earlier, IP Management Suite (Ionix IP) 8.1.1.1 and earlier, and other Ionix products; allow remote attackers to execute arbitrary code via crafted packets to TCP port 9002, aka Bug IDs CSCtn42961 and CSCtn64922, related to a buffer overflow.)
Original text: CISCO, Cisco Security Advisory: Cisco Unified Service Monitor and Cisco Unified Operations Manager Remote Code Execution Vulnerabilities (20.09.2011)
 CISCO, Cisco Security Advisory: CiscoWorks LAN Management Solution Remote Code Execution Vulnerabilities (20.09.2011)
 EMC, ESA-2011-029: Buffer overflow vulnerability in multiple EMC Ionix products (20.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod