Information Security

Insecure default configuration in JBoss (insecure defaults)
Updated since: 22 February 2007
Published: 23 February 2007
SecurityVulns ID: 7280
Type: remote
Severity: 5/10
Description: By default the web console and the management tools are reachable without authentication.
CVE:CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.)
 CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.)
 CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.)
Original text: buben.razuma_(at)_gmail.com, JBoss jmx-console CSRF (23.02.2007)
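Added example, not part of this entry and not JBoss project code: a Python probe that checks whether the default management paths named above (/jmx-console/HtmlAdaptor from CVE-2007-1157, the web console from CVE-2007-1036) render without any credentials. The /web-console/ context root is the JBoss 4.x web console's usual location, the page markers in CONSOLE_MARKERS, the User-Agent string and the hostname in the usage line are assumptions; the verdict logic is what the example shows.

```python
import urllib.error
import urllib.request

# Paths the advisory says ship reachable without authentication:
# /jmx-console/HtmlAdaptor (CVE-2007-1157) and the web console (CVE-2007-1036).
# /jmx-console/ is the bare context root of the same application; /web-console/
# is assumed to be the web console's context root (JBoss 4.x layout).
DEFAULT_CONSOLE_PATHS = ("/jmx-console/HtmlAdaptor", "/jmx-console/", "/web-console/")

# Substrings expected in a rendered console page. Assumed from the JBoss 4.x
# console HTML, not taken from the advisory; adjust after inspecting one real reply.
CONSOLE_MARKERS = ("JMX Agent View", "JMX Management Console", "HtmlAdaptor?action=")


def classify(status, body):
    """Turn one HTTP response into a verdict for a management path."""
    if status in (401, 403):
        return "protected"      # something demands credentials or denies the client
    if status == 404:
        return "absent"         # the console was removed or never deployed
    if status == 200 and any(marker in body for marker in CONSOLE_MARKERS):
        return "open"           # the console rendered without any challenge
    return "unknown"            # a login form, a custom error page, a proxy banner, etc.


def fetch(url, timeout=5.0):
    """Fetch a URL with no credentials; HTTP error statuses are returned, not raised."""
    request = urllib.request.Request(url, headers={"User-Agent": "jboss-console-check/1"})
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return response.getcode(), response.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def check_host(base_url, fetcher=fetch):
    """Probe every default console path on one server; returns {path: verdict}."""
    base = base_url.rstrip("/")
    return {path: classify(*fetcher(base + path)) for path in DEFAULT_CONSOLE_PATHS}


def exposed_paths(verdicts):
    """The subset of probed paths that rendered a console with no authentication."""
    return sorted(path for path, verdict in verdicts.items() if verdict == "open")


if __name__ == "__main__":
    import sys
    # Hostname is a placeholder; pass the real server as the first argument.
    verdicts = check_host(sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080")
    for path, verdict in verdicts.items():
        print(f"{verdict:10s} {path}")
    sys.exit(1 if exposed_paths(verdicts) else 0)
```

Two caveats a practitioner should keep in mind. First, in the JBoss 4.x distribution the jmx-console and web-console applications ship with the security-constraint block in their WEB-INF/web.xml and the security-domain element in jboss-web.xml commented out; enabling both puts the consoles behind a login, and the shipped admin user in conf/props/jmx-console-users.properties must be changed at the same time (this is general knowledge of the distribution, not something the advisory states). Second, authentication alone does not close CVE-2007-1157: HtmlAdaptor invokes MBean operations from ordinary form submissions with no per-request token, so a logged-in administrator's browser can still be driven by a third-party page. Restrict the consoles to trusted source addresses as well, or remove them from production deployments.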

Daily digest of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: 23 February 2007
SecurityVulns ID: 7292
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information disclosure, etc.
Affected products: WORDPRESS : WordPress 2.0
 WORDPRESS : WordPress 2.1
 WEBSPELL : webSPELL 3.01
 CONNECTIX : Connectix Boards 0.7
 DBIMAGEGALLERY : DBImageGallery 1.2
 DBGUESTBOOK : DBGuestBook 1.1
 DZCP : deV!Lz Clanportal 1.4
 ULTIMATEFUNBOARD : Ultimate Fun Book 1.02
 ONLINEWEBBUILDIN : Online Web Building 2.0
 PEANUTKB : Peanut Knowledge Base 0.0
 FLASHGAMESCRIPT : FlashGameScript 1.5
 DESIGN4ONLINE : UserPages2 2.0
CVE:CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks.)
 CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php.)
 CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter.)
 CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/.)
 CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery 1.2.2 allow remote attackers to execute arbitrary PHP code via a URL in the donsimg_base_path parameter to (1) attributes.php, (2) images.php, or (3) scan.php in admin/; or (4) attributes.php, (5) db_utils.php, (6) images.php, (7) utils.php, or (8) values.php in includes/.)
 CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows remote attackers to execute arbitrary PHP code via a URL in the hbmpath parameter.)
 CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter.)
 CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter.)
 CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.)
 CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.)
 CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.)
 CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 and earlier has unknown impact and attack vectors.)
Original text: malic89_(at)_gmail.com, FlashGameScript v1.5.4 Remote File Inclusion Vulnerability (23.02.2007)
 RaeD Hasadya, Hasadya Raed (23.02.2007)
 sn0oPy.team_(at)_gmail.com, JBrowser acces to admin/config files (23.02.2007)
 r.verton_(at)_gmail.com, WebSpell > 4.0 Authentication Bypass and arbitrary code execution (23.02.2007)
 XORON, Online Web Building v2.0 (id) Remote SQL Injection (23.02.2007)
 kezzap66345, Ultimate Fun Book 1.02 (function.php) Remote File Include Vulnerability (23.02.2007)
 Kiba, DZCP (Devilz Clanportal) <= 1.4.5 Mysql Data viewable (23.02.2007)
 Denven, DBGuestbook 1.1 (dbs_base_path) Remote File Include Vulnerabilities (23.02.2007)
 Denven, DBImageGallery 1.2.2 (donsimg_base_path) RFI Vulnerabilities (23.02.2007)
Files: webSPELL <= v4.01.02 (topic) Remote SQL Injection
 Connectix Boards <= 0.7 (p_skin) Multiple Vulnerabilities Exploit

Weak permissions in the Nortel NetDirect client for Linux (weak permissions)
Published: 23 February 2007
SecurityVulns ID: 7293
Type: local
Severity: 5/10
Description: Weak permissions are set when the distribution is extracted from the archive into a temporary directory.
CVE:CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.)
Files: Exploits Nortel SSL VPN Linux Client race condition
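Added example, not Nortel's code: a Python reconstruction of the weak extraction pattern CVE-2007-1057 describes (a predictable /tmp/NetClient directory, member modes copied verbatim, so client ends up world-writable) beside the pattern that closes it, with the audit that tells the two apart. The tar archive is constructed inline as a stand-in for the client distribution; demonstrate() points the weak extraction at a throwaway directory so running it never touches /tmp/NetClient itself.

```python
import io
import os
import stat
import tarfile
import tempfile


def build_sample_archive():
    """Constructed stand-in for the client distribution: one executable member
    shipped with mode 0777, the world-writable setting the advisory describes."""
    payload = b"#!/bin/sh\necho 'real NetDirect client'\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("client")
        info.size = len(payload)
        info.mode = 0o777
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def extract_like_the_vulnerable_client(archive, dest="/tmp/NetClient"):
    """The weak pattern: a fixed, predictable directory any local user can
    pre-create, and member modes copied verbatim, so the binary lands 0777."""
    os.makedirs(dest, exist_ok=True)
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            target = os.path.join(dest, member.name)
            # open(..., "wb") follows a planted symlink and truncates a planted file
            with open(target, "wb") as out:
                out.write(tar.extractfile(member).read())
            os.chmod(target, member.mode)
    return dest


def extract_safely(archive):
    """The corrected pattern: a fresh 0700 directory nobody else can enter,
    O_EXCL creation so a pre-planted file or symlink makes us fail loudly,
    and owner-only modes regardless of what the archive asks for."""
    dest = tempfile.mkdtemp(prefix="netclient-")
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            name = os.path.normpath(member.name)
            if os.path.isabs(name) or name.startswith(".."):
                raise ValueError("archive member escapes destination: %r" % member.name)
            target = os.path.join(dest, name)
            os.makedirs(os.path.dirname(target), mode=0o700, exist_ok=True)
            mode = 0o700 if member.mode & 0o111 else 0o600
            fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
            with os.fdopen(fd, "wb") as out:
                out.write(tar.extractfile(member).read())
    return dest


def world_writable_entries(root):
    """Audit helper: every file or directory under root that other users may write to."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.lstat(path).st_mode & stat.S_IWOTH:
                found.append(path)
    return sorted(found)


def demonstrate(scratch_root=None):
    """Run both extractions on the constructed archive and report what the audit
    finds. The weak extraction is sent to a throwaway directory, not /tmp/NetClient."""
    archive = build_sample_archive()
    weak_dir = extract_like_the_vulnerable_client(
        archive, tempfile.mkdtemp(prefix="weak-", dir=scratch_root))
    safe_dir = extract_safely(archive)
    return {
        "weak_world_writable": world_writable_entries(weak_dir),
        "safe_world_writable": world_writable_entries(safe_dir),
        "safe_client_mode": stat.S_IMODE(os.stat(os.path.join(safe_dir, "client")).st_mode),
        "safe_dir_mode": stat.S_IMODE(os.stat(safe_dir).st_mode),
    }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print(f"{key}: {value}")
```

The audit only catches the symptom; the fix the advisory points to is the vendor's 6.0.5 client. A permission check on the file alone also does not rule out the race: if the parent directory is writable by others, another user can rename the file away and put a replacement in its place between check and execution, which is why extract_safely keeps the whole tree under a 0700 directory and refuses to reuse an existing path (O_EXCL) instead of trying to repair one.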

Unauthorized control of Distributed Checksum Clearinghouse
Published: 23 February 2007
SecurityVulns ID: 7294
Type: remote
Severity: 5/10
Affected products: DCC : Distributed Checksum Clearinghouse 1.3
CVE:CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) before 1.3.51 allows remote attackers to delete or add hosts in /var/dcc/maps.)

Multiple vulnerabilities in IBM DB2 (multiple bugs)
Published: 23 February 2007
SecurityVulns ID: 7295
Type: local
Severity: 6/10
Description: Multiple privilege escalations and arbitrary file creation.
Affected products: IBM : DB2 8.1
 IBM : DB2 9.1
CVE:CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.)
 CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.)
 CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.)
 CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.)
 CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access.")
Original text: IDEFENSE, iDefense Security Advisory 02.22.07: IBM DB2 Universal Database DB2INSTANCE File Creation Vulnerability (23.02.2007)
 IDEFENSE, iDefense Security Advisory 02.22.07: IBM DB2 Universal Database Multiple Privilege Escalation Vulnerabilities (23.02.2007)

Buffer overflow in an ActiveX control shared by several VeriSign products (buffer overflow)
Published: 23 February 2007
SecurityVulns ID: 7296
Type: client
Severity: 6/10
Description: Buffer overflow in the ConfigChk control.
CVE:CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.)
Original text: IDEFENSE, iDefense Security Advisory 02.22.07: VeriSign ConfigChk ActiveX Control Buffer Overflow Vulnerability (23.02.2007)

Integer overflow in ImageIO for Mac OS X (integer overflow)
Published: 23 February 2007
SecurityVulns ID: 7299
Type: library
Severity: 6/10
Description: Integer overflow while parsing GIF images.
Affected products: APPLE : Mac OS X 10.4
CVE:CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.)

Multiple vulnerabilities in Mercur Messaging 2005 (multiple bugs)
Published: 23 February 2007
SecurityVulns ID: 7300
Type: remote
Severity: 5/10
Description: Multiple denial-of-service conditions and buffer overflows.
Affected products: MERCUR : MERCUR Messaging 2005
CVE:CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known.)
 CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service.)
 CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a message with a long subject field.)
 CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.)

Various onUnload vulnerabilities in popular browsers
Updated since: 23 February 2007
Published: 28 February 2007
SecurityVulns ID: 7297
Type: client
Severity: 6/10
Description: Various memory corruptions tied to transient events while the onUnload() handler runs. In addition, the page address can be spoofed and pages can be built that the user cannot leave (browser entrapment).
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
 OPERA : Opera 9.20
CVE:CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.)
 CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.)
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document.)
 CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, which triggers memory corruption due to the lack of a finalize hook on DOM window objects.)
 CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via onUnload Javascript handlers.)
Original text: perpetualmotionuk, RE: MSIE7 browser entrapment vulnerability (probably Firefox, too) (28.02.2007)
 MOZILLA, Mozilla Foundation Security Advisory 2007-08 (27.02.2007)
 SECUNIA, Secunia Research: Internet Explorer 7 "onunload" Event Spoofing Vulnerability (23.02.2007)
 Michal Zalewski, Firefox onUnload + document.write() memory corruption vulnerability (MSIE7 null ptr) (23.02.2007)
 Michal Zalewski, MSIE7 browser entrapment vulnerability (probably Firefox, too) (23.02.2007)
 Michal Zalewski, Firefox: onUnload tailgating (MSIE7 entrapment bug variant) (23.02.2007)

Information leak in Mozilla Firefox (information leak)
Updated since: 23 February 2007
Published: 23 February 2008
SecurityVulns ID: 7298
Type: remote
Severity: 4/10
Description: It is possible to check whether the user has visited a given page.
Affected products: MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
CVE:CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI as a ChromeProtocol and can be loaded via JavaScript, which allows remote attackers to obtain sensitive information by querying the browser's session history.)
Original text: pdp (architect), Firefox Cache Hack - Firefox History Hack redux (23.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod