Information security


Daily summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since 20 February 2009
Published: 21 February 2009
Source:
SecurityVulns ID: 9686
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: DRUPAL : Drupal 4.5
 PHPCREDO : PHCDownload 1.1
 DRUPAL : Drupal 5.5
Original text: MustLive, New Cross-Site Scripting vulnerability in Drupal (21.02.2009)
 contact_(at)_vnbrain.net, PHCDownload 1.1.0 Vulnerabilities (20.02.2009)
 MustLive, Cross-Site Scripting vulnerability in Drupal (20.02.2009)

Code execution in Adobe Acrobat / Reader
updated since 21 February 2009
Published: 4 September 2009
Source:
SecurityVulns ID: 9687
Type: client
Severity: 8/10
Description: The vulnerability is used for covert installation of code on the system. It is recommended to disable viewing of PDF documents in the browser and execution of JavaScript inside PDF files. Buffer overflow in JBIG2; buffer overflow in the getIcon() JavaScript function.
Affected products: ADOBE : Reader 8.1
 ADOBE : Acrobat 8.1
 ADOBE : Reader 9.0
 ADOBE : Acrobat 9.0
 ADOBE : Acrobat 7.1
 ADOBE : Reader 7.1
 ADOBE : Reader 9.1
CVE: CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.)
 CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow.)
 CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.)
 CVE-2009-0927 (Unspecified vulnerability in Adobe Reader and Adobe Acrobat 9.1 and 7.1.1 allows remote attackers to execute arbitrary code via unknown vectors related to a JavaScript method and input validation, a different vulnerability than CVE-2009-0658.)
 CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.)
 CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.)
 CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.)
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.)
Original text: Iván Rodriguez Almuiña, Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Exploit and Report (CVE-2009-0927) (04.09.2009)
 ZDI, ZDI-09-042: Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability (14.06.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability (14.06.2009)
 IDEFENSE, iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability (14.06.2009)
 VUPEN Security Research, VUPEN Security - Adobe Acrobat and Reader JBIG2 Filter Heap Overflow Vulnerability (14.06.2009)
 SECUNIA, Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow (11.06.2009)
 iViZ Security Advisories, [Full-disclosure] [IVIZ-09-001] Adobe Acrobat Reader Memory Corruption Vulnerability (26.03.2009)
 SECUNIA, Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow (25.03.2009)
 ZDI, ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability (25.03.2009)
 IDEFENSE, iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability (25.03.2009)
 ADOBE, Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat (21.02.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-051A -- Adobe Acrobat and Reader Vulnerability (21.02.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod