Information Security


Symbolic link problems in IBM DB2
Published: February 22, 2007
Source:
SecurityVulns ID: 7281
Type: local
Severity level: 5/10
Description: Symbolic link problem when creating temporary files.
Affected products: IBM : DB2 9.0
CVE: CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.)

Privilege escalation via ls in Linux ftpd (privilege escalation)
Published: February 22, 2007
Source:
SecurityVulns ID: 7284
Type: remote
Severity level: 3/10
Description: The ls command is run with effective gid 0.
Original text: Paul Szabo, /bin/ls with gid=0 in Debian linux-ftpd (22.02.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: February 22, 2007
Source:
SecurityVulns ID: 7287
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: SAPHPLESSON : SaphpLesson 3.0
 PHPTRAFFICA : phpTrafficA 1.4
 JWEB : Pics Navigator 2.0
 JWEB : Pics Navigator 1.0
 MAGICNEWSPLUS : Magic News Plus 1.0
 LOVECMS : LoveCMS 1.4
 INTERSPIRE : SendStudio 2004.14
CVE: CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.)
 CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/.)
 CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI.)
 CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter.)
 CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.)
 CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.)
 CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.)
 CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723.)
 CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.)
 CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension.)
 CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.)
 CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.)
Original text: eufrato_(at)_gmail.com, [ECHO_ADV_66$2007] SendStudio <= 2004.14 Remote File Inclusion Vulnerability (22.02.2007)
 gamr-14_(at)_hotmail.com, SaphpLesson v3.0 SQL Injection Exploit (22.02.2007)
 laurent gaffié, pheap [edit LFI] vulnerability (22.02.2007)
 laurent gaffié, LoveCMS 1.4 multiple vulnerabilities (22.02.2007)
 laurent gaffié, Plantilla PHP Simple (22.02.2007)
 sn0oPy.team_(at)_gmail.com, Pics Navigator Directory Traversal Vulnerability (22.02.2007)
 SECURITEAM, [UNIX] phpTrafficA Local File Inclusion (22.02.2007)
Files: Magic News PHP Code Execution Exploit

Multiple vulnerabilities in TurboFTP (multiple bugs)
Published: February 22, 2007
Source:
SecurityVulns ID: 7288
Type: remote
Severity level: 5/10
Description: Multiple heap buffer overflows.
Affected products: TURBOFTP : TurboFTP 5.30
CVE: CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command.)
 CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.)
Files: Exploits TurboFTP 5.30 Build 572 Multiple Remote DoS

Multiple vulnerabilities in Newsrover / Newsbin / Newsreactor / Grabbit / News Files Grabber (multiple bugs)
Published: February 22, 2007
Source:
SecurityVulns ID: 7289
Type: client
Severity level: 5/10
Description: Vulnerabilities in parsing files of various XML formats.
Affected products: NEWSBINPRO : News Bin Pro 5.33
 NEWSROVER : News Rover 12.1
 SHEMES : Grabit 1.5
 NEWSFILEGRABBER : News File Grabber 4.1
 NEWSREACTOR : NewsReactor 20070220
 GLUESOFTWARE : NewsGlue 1.3
CVE: CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.)
 CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote attackers to cause a denial of service or execute arbitrary code via a yEnc (yEncode) encoded article with a long filename, as demonstrated using a .nzb file. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 allows remote attackers to execute arbitrary code via a yEnc (yEncode) encoded article with a long filename.)
 CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attributed in a (a) NBI file, or (3) a long group field in a (b) NZB file.)
 CVE-2007-1041 (Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.)
 CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers to cause a denial of service (application crash) via a .nzb file with a subject field containing ';' (semicolon) characters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Files: News Rover 12.1 Rev 1 Remote Stack Overflow exploit
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow Exploit 1
 News Bin Pro 4.32 Article Grabbing Remote Unicode Buffer Overflow
 News Rover 12.1 Rev 1 Remote Stack Overflow perl exploit
 News Bin Pro 5.33 .NBI File Buffer Overflow exploit
 NewsReactor 20070220 Article Grabbing Remote Buffer Overflow

DoS against NFS/ACL in Linux
Published: February 22, 2007
Source:
SecurityVulns ID: 7282
Type: remote
Severity level: 5/10
Description: Memory corruption when handling an nfsacl version 2 'ACCESS' request.
CVE: CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.)

Information leak via ReadDirectoryChangesW in Microsoft Windows (information leak)
Published: February 22, 2007
Source:
SecurityVulns ID: 7283
Type: remote
Severity level: 6/10
Description: The ReadDirectoryChangesW() API function does not check the user's permissions to access subfolders, which allows an attacker to collect information about files in restricted folders.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.)
Original text: 3APA3A, Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak (22.02.2007)
Files: Monitors directory tree changes (compiled)
 Monitors directory tree changes
 Microsoft Windows 2000/XP/2003/Vista ReadDirectoryChangesW informaton leak

Unauthorized access to SCSI devices on Linux (unauthorized access)
Published: February 22, 2007
Source:
SecurityVulns ID: 7285
Type: local
Severity level: 6/10
Description: A bug in the pam module allows console users to access SCSI disks directly.
Affected products: LINUX : kernel 2.4
 LINUX : kernel 2.6
Original text: John Cartwright, [Full-disclosure] Fwd: [full disclosure] Linux generic devices / pam.console problem (22.02.2007)

Unauthorized access to Trend Micro Server Protect (unauthorized access)
Published: February 22, 2007
Source:
SecurityVulns ID: 7286
Type: remote
Severity level: 5/10
Description: Unauthorized access to the web interface on port TCP/14942.
Affected products: TM : Trend Micro ServerProtect for Linux 1.3
CVE: CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.)
 CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 allows remote attackers to access arbitrary web pages and reconfigure the product via HTTP requests with the splx_2376_info cookie to the web interface port (14942/tcp).)
Original text: IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.16.07: Trend Micro ServerProtect Web Interface Authorization Bypass Vulnerability (22.02.2007)

DoS against FTP Explorer
Published: February 22, 2007
Source:
SecurityVulns ID: 7291
Type: client
Severity level: 2/10
Description: Infinite loop on a long server response.
Affected products: FTPEXPLORER : FTP Explorer 1.0
CVE: CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.)
Files: FTP Explorer 1.0.1 Build 047 Remote DoS (CPU consumption)

Buffer overflow in FTP Voyager (buffer overflow)
Published: February 22, 2007
Source:
SecurityVulns ID: 7290
Type: client
Severity level: 5/10
Description: Stack buffer overflow when parsing a server response.
Affected products: FTPVOYAGER : FTP Voyager 14.0
CVE: CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.)
Files: FTP Voyager <= 14.0.0.3 CWD Remote Stack Overflow

Insecure default configuration in JBoss (insecure defaults)
updated since February 22, 2007
Published: February 23, 2007
Source:
SecurityVulns ID: 7280
Type: remote
Severity level: 5/10
Description: By default, the web console and management tools are accessible without authorization.
CVE: CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.)
 CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.)
 CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.)
Original text: buben.razuma_(at)_gmail.com, JBoss jmx-console CSRF (23.02.2007)

Infinite loop in PHP zend_hash_init (DoS)
updated since February 22, 2007
Published: March 2, 2007
Source:
SecurityVulns ID: 7279
Type: remote
Severity level: 5/10
Description: Nearly infinite loop on 64-bit platforms.
Affected products: PHP : PHP 4.4
 PHP : PHP 5.2
CVE: CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines.)
 CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only cause 32-bit arguments to be used after the check for a negative value, as demonstrated by an "a:2147483649:{" argument.)
Original text: PHP-SECURITY, MOPB-05-2007:PHP unserialize() 64 bit Array Creation Denial of Service Vulnerability (02.03.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod