Information Security


Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
updated since January 24, 2007
Published: January 24, 2007
Source:
SecurityVulns ID: 7090
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: PHPADSNEW : phpAdsNew 2.0
 PHPOPENADS : phpPgAds 2.0
 PHPNUKE : PHP-Nuke 7.9
 WEBSITEBAKER : Website Baker 2.6
 BITWEAVER : bitweaver 1.3
 FREEFORUM : FreeForum 0.9
 CMSIMPLE : cmsimple 2.7
 PHPLINKDIRECTORY : PHP Link Directory 3.0
 OPENREALTY : Open-Realty 2.3
 UPLOADSCRIPT : UploadScript 1.02
 UPLOADSERVICE : Upload Service 1.0
 ADVANCEDGUESTBOO : Advanced Guestbook 2.4
 SCRIPTSEZ : Random PHP Quote 1.0
 YANAFRAMEWORK : Yana Framework 2.8
 INDISGUISE : Enthusiast 3.1
 PHPXD : phpxd 0.3
 BBCLONE : bbclone 0.31
 RPW : RPW 1.0
 ASPEDGE : ASP EDGE 1.2
 ASPNEWS : ASP NEWS 3
 VOTEPRO : Vote-Pro 4.0
 FREEWEBSHOP : FreeWebshop.org Script 2.2
 DRUPAL : Drupal Acidfree Module 4.6
 OPENADS : Openads 2.0
 WEBGUI : WebGUI 7.3
 DJANGO : django 0.95
 ZIXFORUM : ZixForum 1.14
 MAXTRICITY : Maxtricity Tagger 0.1
CVE:CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not properly check user permissions, which allows attackers to delete unauthorized assets. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.)
 CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the sql_language parameter.)
 CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php in CMSimple 2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) pth[file][config] and (2) pth[file][image] parameters.)
 CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for db.mdb.)
 CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for tagger.mdb.)
 CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.)
 CVE-2007-054
 CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and Kylix, and IntraWeb 9.0 before build (9.0.12), allows remote attackers to cause a denial of service (thread hang or CPU consumption) via a crafted HTTP request, related to the OnBeforeDispatch function in the TIWServerController object.)
 CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in FreeWebShop 2.2.3 and 2.2.4 before 20070123 allows remote attackers to execute arbitrary PHP code via a URL in the lang_file parameter.)
 CVE-2007-0530 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.)
 CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the administration page) in PHP Link Directory (phpLD) 3.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted link, which is triggered when the administrator uses the "Validate Links" functionality.)
 CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 allow remote attackers to inject arbitrary web script or HTML via the URL (PATH_INFO) to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.)
 CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.)
 CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with permissions to modify a guestbook profile to modify or delete arbitrary guestbook profiles via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM (phpXD) 0.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) dom.php, (2) dtd.php, or (3) parser.php in include/.)
 CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in BBClone 0.31 allows remote attackers to execute arbitrary PHP code via a URL in the BBC_LANGUAGE_PATH parameter.)
 CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before 4.6.x-1.0, and before 4.7.x-1.0 in the 4.7 series, allows remote authenticated users with "create acidfree albums" privileges to execute arbitrary SQL commands via node titles.)
 CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.)
 CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain sensitive information (the full path) via an invalid listingID parameter in a listingview action.)
 CVE-2007-0487 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used.)
 CVE-2007-0486 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Openads (aka phpAdsNew) 2.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) phpAds_geoPlugin parameter to libraries/lib-remotehost.inc, the (2) filename parameter to admin/report-index, or the (3) phpAds_config[my_footer] parameter to admin/lib-gui.inc. NOTE: the vendor has disputed this issue, stating that the relevant variables are used within function definitions.)
 CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote attackers to execute arbitrary SQL commands via the cat parameter to (1) show_owned.php, (2) show_joined.php, and possibly other files. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) show_owned.php or (2) show_joined.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before 2.0.10, 2.3 before 2.3.31 (aka Max Media Manager before 0.3.31-alpha-pr2), and phpAdsNew/phpPgAds before 2.0.9-pr1 allows remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in admin-search.php and (2) affiliate-search.php. NOTE: this issue may overlap CVE-2007-0363.)
 CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain Black WebGUI before 7.3.5 (beta) allows remote attackers to inject arbitrary web script or HTML via the username parameter during anonymous registration, a different vector than CVE-2007-0308. NOTE: it is possible that a separate "WikiPage titles" issue was also fixed.)
 CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 does not properly cache the user name across requests, which allows remote authenticated users to gain the privileges of a different user.)
 CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows attackers to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.)
 CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) Openads for PostgreSQL (aka phpPgAds) before 2.0.10 and (2) Openads (aka phpAdsNew) before 2.0.10 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.)
 CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before 7.3.4 (beta) allows remote attackers to inject arbitrary web script or HTML via Wiki Page titles.)
Original text: beks, Maxtricity Tagger Password Disclosure Vulnerability (24.01.2007)
 me you, ZixForum <= 1.14 (Zixforum.mdb) Remote Password Disclosure Vulnerability (24.01.2007)
 Matteo Beccati, [Full-disclosure] [OPENADS-SA-2007-001] phpAdsNew and phpPgAds 2.0.9-pr1 vulnerability fixed (24.01.2007)
 beks, Toxiclab Shoutbox Password Disclosure Vulnerability (24.01.2007)
 SECUNIA, [SA23826] Django Two Vulnerabilities (24.01.2007)
 SECUNIA, [SA23754] WebGUI User Name Script Insertion Vulnerability (24.01.2007)
 SECUNIA, [SA23720] Openads / Openads for PostgreSQL Cross-Site Scripting Vulnerability (24.01.2007)
 PHPNUKE, [SA23748] PHP-Nuke "cat" Old Articles Block SQL Injection (24.01.2007)
 SECUNIA, [SA23895] Drupal Acidfree Module "node titles" SQL Injection Vulnerability (24.01.2007)
 SECUNIA, [SA23898] FreeWebShop.org "lang_file" File Inclusion Vulnerability (24.01.2007)
 Advisory_(at)_Aria-Security.net, [Aria-Security Team] MyBB Cross-Site Scripting (24.01.2007)
 ajannhwt_(at)_hotmail.com, ASP NEWS <= V3 (news_detail.asp) Remote SQL Injection Vulnerability (24.01.2007)
 ajannhwt_(at)_hotmail.com, ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability (24.01.2007)
 Dr Max Virus, phpXD <= 0.3 (path) Remote File Inclusion Vulnerability (24.01.2007)
 Dr Max Virus, BBClone 0.31 (selectlang.php) Remote File Inclusion Vulnerability (24.01.2007)
 Dr Max Virus, RPW 1.0.2 (config.php sql_language) Remote File Inclusion Vulnerability: (24.01.2007)
 SECUNIA, [SA23865] Enthusiast Cross-Site Scripting and SQL Injection (24.01.2007)
 SECUNIA, [SA23855] Yana Framework Guestbook Profile Security Bypass (24.01.2007)
 the.tiger100_(at)_gmail.com, subscribe (pwd.txt) Remote Password Disclosur (24.01.2007)
 the.tiger100_(at)_gmail.com, RANDOM PHP QUOTE 1.0 (pwd.txt) Remote Password Disclosur (24.01.2007)
 C0r3 1mp4ct, AToZed Software Intraweb Component for Borland Delphi and Kylix DoS vulnerability (24.01.2007)
 me you, Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability (24.01.2007)
 y3dips_(at)_gmail.com, [ECHO_ADV_62$2007] Upload Service 1.0 remote file inclusion (24.01.2007)
 Rolf Huisman, SQL Injection by using Cookie Poisoning for Website Baker Version 2.6.5 and before (24.01.2007)
 me you, Uploader <= (userdata/user_1.txt) Password Disclosure Vulnerability (24.01.2007)
 me you, UploadScript <=- v1.02 (password.txt) Remote Password Disclosure Vulnerability (24.01.2007)
 CorryL, [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit (24.01.2007)
 xx_hack_xx_2004_(at)_hotmail.com, Full Path Disclosure in Open-Realty ( v2.3.4 ) (24.01.2007)
 jussi.vuokko_(at)_smilehouse.com, PHP Link Directory XSS Vulnerability version <= 3.0.6 (24.01.2007)
 mr alkomandoz, phpAdsNew 2.0.7 Remote File Include (24.01.2007)
 mr alkomandoz, cmsimple 2.7 Remote File Include (24.01.2007)
 xx_hack_xx_2004_(at)_hotmail.com, SQL Injection in Unique Ads ( UDS ) (24.01.2007)
 xx_hack_xx_2004_(at)_hotmail.com, XSS in Guestbook ( v.4.00 beta ) (24.01.2007)
 Advisory_(at)_Aria-Security.net, XMB "U2U Instant Messenger" Cross-Site Scripting (24.01.2007)
 me you, FreeForum 0.9.0 <=- (index.php fpath) Remote File Include Vulnerability (24.01.2007)
 laurent gaffié, FishCart [injection sql] (24.01.2007)
Files: Vote-Pro Code Injection Exploit

SCRIPT tag handling problems in Apple Safari / Konqueror (filtering bypass)
Published: January 24, 2007
Source:
SecurityVulns ID: 7091
Type: client
Severity: 3/10
Description: The browser interprets <script> tags inside an HTML comment, which contradicts the standard.
Affected products: KDE : KDE 3.5
 APPLE : MacOS X 10.4
 KDE : Konqueror 3.5
CVE:CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to CVE-2007-0478.)
 CVE-2007-0478 (Apple Safari does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.)
Original text: Jose Avila III, Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability (24.01.2007)

Symbolic link problem during OpenLDAP installation (symbolic links)
Published: January 24, 2007
Source:
SecurityVulns ID: 7094
Type: remote
Severity: 4/10
Description: Insecure temporary file creation in the gencert.sh installation script.
Affected products: OPENLDAP : OpenLDAP 2.2
 OPENLDAP : OpenLDAP 2.1
 OPENLDAP : OpenLDAP 2.3
CVE:CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.)
Original text: GENTOO, [ GLSA 200701-19 ] OpenLDAP: Insecure usage of /tmp during installation (24.01.2007)

Unauthorized access to many IP phones
Published: January 24, 2007
Source:
SecurityVulns ID: 7095
Type: remote
Severity: 5/10
Description: After an administrator has logged in, administrative access to the device can be obtained from any address without entering a password.
Affected products: ATCOM : ATCOM AT-320ED
 ATCOM : ATCOM AT-323
 IPLINK : JR168_100B
 IPLINK : JR168_100W
 IPLINK : JR168_200
 NETWEBGROUP : Netweb 401
 NETWEBGROUP : Netweb 402
 WUCHAN : Wuchuan HOP-1001
 WUCHAN : Wuchuan HOP-1002
 WUCHAN : Wuchuan HOP-1003
 GIPTEL : Giptel G100
 SIPTRONIC : Siptronic ST-100
 SIPTRONIC : Siptronic ST-150
 MERITLINE : KE1020 Netphone
 MERITLINE : Meritline ML210
 INTEGRATEDNETWOR : Integrated Networks IN-1002
 ARTDIO : ArtDio IPF-2000
 ARTDIO : ArtDio IPF-2002L
 PERFECTONE : Perfectone IP300
CVE:CVE-2007-0528 (The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).)
Original text: ProCheckUp Research, PR06-14: IP Phones based on Centrality Communications/Aredfox PA168 chipset weak session management vulnerability (24.01.2007)
Files: Multiple IP phones remote administrator login check

Buffer overflow in Microsoft Visual Studio (buffer overflow)
Published: January 24, 2007
Source:
SecurityVulns ID: 7096
Type: local
Severity: 3/10
Description: Buffer overflow when parsing an .RC file with a long file path in one of its parameters.
Affected products: MICROSOFT : Visual Studio 6.0
CVE:CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ (MSVC) in Microsoft Visual Studio 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a long file path in the "1 TYPELIB MOVEABLE PURE" option in an RC file.)
Original text: porkythepig_(at)_anspi.pl, Microsoft Visual C++ (.RC) resource files buffer overflow vulnerability (24.01.2007)
Files: Microsoft Visual C++ 6.0 SP6 resource compiler buffer overflow vulnerability .rc resource files exploit

Buffer overflow in the Sienzo Digital Music Mentor ActiveX control (buffer overflow)
Published: January 24, 2007
Source:
SecurityVulns ID: 7098
Type: client
Severity: 5/10
Description: Buffer overflow in the SetFormatLikeSample() method of NCTAudioFile2.AudioFile.
Affected products: SIENZO : Sienzo Digital Music Mentor 2.6
CVE:CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD B)
Original text: SECUNIA, [Full-disclosure] Secunia Research: Sienzo Digital Music Mentor NCTAudioFile2 ActiveX Control Buffer Overflow (24.01.2007)

DoS via Bluetooth against many mobile phones
Published: January 24, 2007
Source:
SecurityVulns ID: 7092
Type: remote
Severity: 4/10
Description: A flood of ussp-push messages causes a large number of file download prompts to appear on screen, blocking the user interface.
Affected products: NOKIA : Nokia N70
 SONYERICSSON : Sony Ericsson K700i
 MOTOROLLA : MOTORAZR V3
 SONYERICSSON : Sony Ericsson W810i
 LG : Chocolate KG800
CVE:CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.)
 CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.)
 CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.)
 CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to cause a denial of service (continual modal dialogs and UI unavailability) by repeatedly trying to OBEX push a file over Bluetooth, as demonstrated by ussp-push.)
Original text: Armin Hornung, Bluetooth DoS by obex push (24.01.2007)
Files: Bluetooth DoS by obex push PoC

Format string bug in xine-ui (format string)
Published: January 24, 2007
Source:
SecurityVulns ID: 7093
Type: client
Severity: 5/10
Description: Format string bug in the errors_create_window() function when parsing media files.
Affected products: XINE : xine-ui 0.99
CVE:CVE-2007-0254 (Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.)
Original text: saik0pod_(at)_yahoo.com, Xine-ui format string Vulnerabilties. (24.01.2007)

DoS via IPv6 against Cisco routers
Published: January 24, 2007
Source:
SecurityVulns ID: 7100
Type: remote
Severity: 6/10
Description: Router failure when parsing the RH (Routing Header) of an IPv6 packet.
Affected products: CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
CVE:CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) via a crafted IPv6 Type 0 Routing header.)
Original text: CISCO, [Full-disclosure] Cisco Security Advisory: IPv6 Routing Header Vulnerability (24.01.2007)

Memory corruption in Apple QuickDraw libraries (memory corruption)
Published: January 24, 2007
Source:
SecurityVulns ID: 7102
Type: library
Severity: 6/10
Description: Memory corruption when parsing an ARGB record of a PICT image.
Affected products: APPLE : Mac OS X 10.4
CVE:CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT file that triggers memory corruption in the _GetSrcBits32ARGB function. NOTE: this issue might overlap CVE-2007-0462.)
 CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.)
Original text: MOAB, MOAB-23-01-2007: Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability (24.01.2007)
Files: Exploits Apple QuickDraw GetSrcBits32ARGB() Memory Corruption Vulnerability

Privilege escalation via tip in Sun Solaris (privilege escalation)
Published: January 24, 2007
Source:
SecurityVulns ID: 7103
Type: local
Severity: 5/10
Description: Privilege escalation to the uucp user.
Affected products: ORACLE : Solaris 8
 ORACLE : Solaris 9
 ORACLE : Solaris 10
CVE:CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.)
Original text: SECUNIA, [SA23821] Sun Solaris "tip" Command Privilege Escalation (24.01.2007)

DoS via IPv6 ICMPv6 in OpenBSD
Published: January 24, 2007
Source:
SecurityVulns ID: 7105
Type: remote
Severity: 5/10
Description: Infinite loop when parsing an ICMPv6 packet.
Affected products: OPENBSD : OpenBSD 3.9
 OPENBSD : OpenBSD 4.0
CVE:CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via certain IPv6 ICMP (aka ICMP6) echo request packets.)
Original text: SECUNIA, [SA23830] OpenBSD ICMP6 Denial of Service Vulnerability (24.01.2007)

Information leak in Sun Ray server
Published: January 24, 2007
Source:
SecurityVulns ID: 7106
Type: local
Severity: 5/10
Description: The utadmin administrator password is written to the log file by the /cgi-bin/mail script.
Affected products: SUN : Sun Ray Server Software 3.0
 SUN : Sun Ray Server Software 2.0
CVE:CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.)
Original text: SECUNIA, [SA23900] Sun Ray Server Software Password Disclosure (24.01.2007)

Unauthorized access via pam (unauthorized access)
Published: January 24, 2007
Source:
SecurityVulns ID: 7104
Type: remote
Severity: 5/10
Description: If the password hash contains certain characters, access with any password is possible.
Affected products: PAM : pam 0.99
CVE:CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.)
Original text: SECUNIA, [SA23858] Linux-PAM Login Bypass Security Vulnerability (24.01.2007)

Memory leak in Cisco routers (memory leak)
Published: January 24, 2007
Source:
SecurityVulns ID: 7097
Type: remote
Severity: 6/10
Description: Memory leak when processing incoming TCP packets.
Affected products: CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
CVE:CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x allows remote attackers to cause a denial of service by sending crafted TCP traffic to an IPv4 address on the IOS device.)
Original text: CISCO, [Full-disclosure] Cisco Security Advisory: Crafted TCP Packet Can Cause Denial of Service (24.01.2007)

Buffer overflow via UserNotificationCenter in Mac OS X (privilege escalation)
Published: January 24, 2007
Source:
SecurityVulns ID: 7101
Type: local
Severity: 6/10
Description: The wheel group privileges are not dropped when the application is launched.
Affected products: APPLE : Mac OS X 10.4
CVE:CVE-2007-0023 (The CFUserNotificationSendRequest function in UserNotificationCenter.app in Apple Mac OS X 10.4.8, when used in combination with diskutil, allows local users to gain privileges via a malicious InputManager in Library/InputManagers in a user's home directory, which is executed when Cocoa applications attempt to notify the user.)
Original text: MOAB, MOAB-22-01-2007: Apple UserNotificationCenter Privilege Escalation Vulnerability (24.01.2007)
Files: "Exploit" for Apple UserNotificationCenter Privilege Escalation Vulnerability

DoS and code execution via IP options against Cisco routers (code execution)
Published: January 24, 2007
Source:
SecurityVulns ID: 7107
Type: remote
Severity: 10/10
Description: An ICMP, UDP or TCP packet with a certain set of IP options causes the device to reload or execute code.
Affected products: CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS XR 3.2
 CISCO : IOS XR 3.4
 CISCO : IOS 12.0
 CISCO : IOS 12.1
CVE:CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.)
Original text: CISCO, [Full-disclosure] Cisco Security Advisory: Crafted IP Option Vulnerability (24.01.2007)

Buffer overflow via ActiveX in many NCTsoft products (buffer overflow)
updated since January 24, 2007
Published: May 11, 2007
Source:
SecurityVulns ID: 7099
Type: client
Severity: 5/10
Description: Buffer overflow in the SetFormatLikeSample() method of NCTAudioFile2.AudioFile.
Affected products: NCTSOFT : NCTAudioStudio 2.7
 NCTSOFT : NCTAudioEditor 2.7
 NCTSOFT : NCTDialogicVoice 2.7
 BEARSHARE : BearShare 6.0
CVE:CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD B)
Original text: SECUNIA, Secunia Research: BearShare NCTAudioFile2 ActiveX Control Buffer Overflow (11.05.2007)
 SECUNIA, [Full-disclosure] Secunia Research: NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow (24.01.2007)
Files: E NCTAudioFile2.AudioFile ActiveX Remote Stack Overfl0w
 [PoC] 79 Exes's / IE NCTAudioFile2.AudioFile ActiveX Remote Stack Overfl0w

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod