Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Adobe Shockwave
дополнено с 12 мая 2010 г.
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10828
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные переполнения буфера, целочисленные переполнения, повреждения памяти, выполнение кода.
Затронутые продукты:ADOBE : Shockwave Player 11.5
CVE:CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1290.)
 CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, and CVE-2010-1291.)
 CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1287, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1286, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1284, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-1286, CVE-2010-1287, CVE-2010-1289, CVE-2010-1290, and CVE-2010-1291.)
 CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D objects in .dir (aka Director) files, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a modified field in a 0xFFFFFF49 record.)
 CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.)
 CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file.)
 CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file, related to (1) an erroneous dereference and (2) a certain Shock.dir file.)
 CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via crafted embedded fonts in a Shockwave file.)
 CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process asset entries, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted Shockwave file.)
 CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.)
 CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might allow remote attackers to execute arbitrary code via a crafted .dir (aka Director) file.)
 CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.)
 CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error.)
 CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.)
 CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player before 11.5.7.609 and Adobe Director before 11.5.7.609 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir file that triggers an invalid read operation.)
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.)
 CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file.)
Оригинальный текстdocumentmac68k_(at)_gmail.com, [Kil13r-SA-20100513] Adobe Flash Player 10.0 Denial Of Service Vulnerability (21.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Array Indexing Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player Signedness Error Vulnerability (13.05.2010)
 documentSECUNIA, Secunia Research: Adobe Shockwave Player 3D Parsing Memory Corruption (12.05.2010)
 documentIDEFENSE, iDefense Security Advisory 05.11.10: Abobe Shockwave Player Heap Memory Indexing Vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-3]Adobe Shockwave Player Director File Parsing RCSL Pointer Overwrite (12.05.2010)
 documentADOBE, Security update available for Shockwave Player (12.05.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0405] Adobe Director Invalid Read (12.05.2010)
 documentZDI, ZDI-10-089: Adobe Shockwave Director PAMI Chunk Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-087: Adobe Shockwave Invalid Offset Memory Corruption Remote Code Execution Vulnerability (12.05.2010)
 documentZDI, ZDI-10-088: Adobe Shockwave Player 3D Parsing Memory Corruption Vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-1]Adobe Shockwave Player Director File Parsing ATOM size infinite loop vulnerability (12.05.2010)
 documentvulnhunt_(at)_gmail.com, [CAL-20100204-2]Adobe Shockwave Player Director File Parsing integer overflow vulnerability (12.05.2010)

DoS против библиотеки GSS-API в MIT Kerberos 5
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10853
Тип:библиотека
Уровень опасности:
5/10
Описание:Обращение по нулевому указателю в серверном коде.
Затронутые продукты:MIT : krb5 1.8
CVE:CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing.)
Оригинальный текстdocumentMIT, MITKRB5-SA-2010-005 [CVE-2010-1321] GSS-API lib null pointer deref (21.05.2010)

Межсайтовый скриптинг в беспроводном маршрутизаторе USR5463
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10854
Тип:удаленная
Уровень опасности:
4/10
Описание:Межсайтовый скриптинг через страницу конфигурации.
Затронутые продукты:USR : USR5463
Оригинальный текстdocumentsh4v_(at)_n3t-datagrams.net, XSS bug in US Robotics firmware USR5463-v0_06.bin (21.05.2010)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10855
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:CACTI : cacti 0.8
 LISKCMS : LiSK CMS 4.4
 OCPRODUCTS : ocPortal 4.3
Оригинальный текстdocumentVUPEN Security Research, Cacti Multiple Parameter Cross Site Scripting Vulnerabilities (21.05.2010)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in NPDS REvolution (21.05.2010)
 documentHigh-Tech Bridge Security Research, SQL injection vulnerability in LiSK CMS (21.05.2010)
 documentepixoip, SDS Parent Connect SQL Injection (21.05.2010)
 documentHigh-Tech Bridge Security Research, XSRF (CSRF) in ocPortal (21.05.2010)
 documentHigh-Tech Bridge Security Research, XSS vulnerability in LiSK CMS (21.05.2010)
 documentMustLive, Vulnerability in widget FlashTagCloud for Blogsa (21.05.2010)
 documentinfo_(at)_securitylab.ir, Smart Douran CMS Remote File Download (21.05.2010)

Проблема символьных линков в Linux Mint 9
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10856
Тип:локальная
Уровень опасности:
5/10
Описание:Проблема символьных линков при создании временных файлов в утилите mintUpdate.
Оригинальный текстdocumentL4teral, Linux Mint 8 mintUpdate Insecure Temporary File Creation (21.05.2010)

Обратный путь в каталогах Orbit Downloader
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10857
Тип:клиент
Уровень опасности:
5/10
Описание:Обратный путь в каталогах через файлы metalink.
Затронутые продукты:ORBITDOWNLOADER : Orbit Downloader 3.0
Оригинальный текстdocumentSECUNIA, Secunia Research: Orbit Downloader metalink "name" Directory Traversal (21.05.2010)

DoS против NFS/ONCplus в HP-UX
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10858
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : HP-UX 11.11
 HP : HP-UX 11.23
 HP : HP-UX 11.31
CVE:CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.)
Оригинальный текстdocumentHP, [security bulletin] HPSBUX02523 SSRT100036 rev.1 - HP-UX Running ONCPlus, Remote Denial of Service (DoS), Increase in Privilege (21.05.2010)

Повреждение памяти в X.Org X11R7
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10859
Тип:локальная
Уровень опасности:
5/10
Описание:Повреждение памяти при обработке запроса клиентского приложения.
Затронутые продукты:XORG : X11 7.1
 XORG : X.Org 1.4
CVE:CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X server in X.Org X11R7.1 allows remote authenticated users to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted request, related to an incorrect macro definition.)
Оригинальный текстdocumentUBUNTU, [Suspected Spam][USN-939-1] X.org vulnerabilities (21.05.2010)

Повреждение памяти в Wireshark
Опубликовано:21 мая 2010 г.
Источник:
SecurityVulns ID:10860
Тип:удаленная
Уровень опасности:
5/10
Описание:Повреждение памяти при разборе протокола DOCSIS.
CVE:CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2010:099 ] wireshark (21.05.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород