Information Security


Security bypass via ActiveX in Earthlink TotalAccess (protection bypass)
Published: 25 January 2007
Source:
SecurityVulns ID: 7112
Type: client
Severity: 2/10
Description: Domain and sender whitelists can be manipulated.
CVE: CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.)
Original text: Ethan Hunt, [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability (25.01.2007)

Daily summary of web application vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published: 25 January 2007
Source:
SecurityVulns ID: 7108
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: SITEMAN : Siteman 1.1
 EZDATABASE : ezDatabase 2.1
 CALACODE : @Mail 4.51
 UNIFORUM : uniForum 4
 ASPEDGE : ASP EDGE 1.2
 COMMUNITYSERVER : Community Server 2.1
 WORDPRESS : WordPress 2.1
 XERO : Xero Portal 1.2
 MAKEIT : makit news/blog poster 3
 AZTEK : Aztek Forum 4.1
 SITEMAN : Siteman 2.0
 GUOX : GPS 1.2
 SHOPPINGBASKET : Shopping Basket Professional 7.50
 DRUPAL : Drupal Project Module 4.7
 DRUPAL : Drupal Project issue tracking Module 4.7
 CGERESCUE : CGI Rescue WebFORM 4.3
CVE: CVE-2007-0861 (** DISPUTED ** PHP remote file inclusion vulnerability in modules/mail/index.php in phpCOIN RC-1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _CCFG['_PKG_PATH_MDLS'] parameter. NOTE: this issue has been disputed by a reliable third party, who states that a fatal error occurs before the relevant code is reached.)
 CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via a username cookie, a different vector than CVE-2007-0560.)
 CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against the GET and PUT superglobal arrays.)
 CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter.)
 CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract operations on the (1) POST, (2) GET, (3) COOKIE, and (4) SERVER superglobal arrays.)
 CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php.)
 CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.)
 CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter.)
 CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box).)
 CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD.)
 CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt.)
 CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database.)
 CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote attackers to inject arbitrary operating system commands via unspecified vectors.)
 CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System (GPS) 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.)
 CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0541 (WordPress allows remote attackers to determine the existence of arbitrary files, and possibly read portions of certain files, via pingback service calls with a source URI that corresponds to a local pathname, which triggers different fault codes for existing and non-existing files, and in certain configurations causes a brief file excerpt to be published as a blog comment.)
 CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.)
 CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to a large file, which triggers a long download session without a timeout constraint.)
 CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to cause a denial of service (bandwidth or thread consumption) via pingback service calls with a source URI that corresponds to (1) a large file, which triggers a long download session without a timeout constraint; or (2) a file with a binary content type, which is downloaded even though it cannot contain usable pingback data.)
 CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project issue tracking 4.7.0 through 5.x before 20070123 and (2) Project 4.6.0 through 5.x before 20070123 modules for Drupal allow remote authenticated users to inject arbitrary web script or HTML via (a) certain "fields on project nodes" or (b) "certain project-specific settings regarding issue tracking.")
 CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 through 5.x before 20070123 module for Drupal allows remote authenticated users to bypass other access control modules and obtain attached files by guessing the filename, and obtain issue information via direct requests.)
 CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue.)
 CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to execute arbitrary SQL commands via the "by User" field (aka the TXbyuser parameter).)
Original text: Netragard Security Advisories, [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery] (25.01.2007)
 SECUNIA, [SA23913] CGI Rescue WebFORM Cross-Site Scripting and HTTP Header Injection (25.01.2007)
 SECUNIA, [SA23887] Drupal Project Issue Tracking Module Multiple Vulnerabilities (25.01.2007)
 SECUNIA, [SA23908] Drupal Project Module Script Insertion Vulnerability (25.01.2007)
 SECUNIA, [SA23909] Shopping Basket Professional Command Injection (25.01.2007)
 CorryL, [x0n3-h4ck] Siteman 2.0.x2 Remote Md5 Hash Disclosure Vulnerability (25.01.2007)
 me you, phpCOIN <= RC-1 (modules/mail/index.php) Remote File Include Vulnerability (25.01.2007)
 ajannhwt_(at)_hotmail.com, ASP EDGE <= V1.2b (user.asp) Remote SQL Injection Vulnerability (25.01.2007)
 Hackers Center Security Group, EzDatabase Multiple Cross-Site Scripting Vulnerability (25.01.2007)
 ajannhwt_(at)_hotmail.com, uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability (25.01.2007)
 bmatheny_(at)_mobocracy.net, Weaknesses in Pingback Design (25.01.2007)
 bmatheny_(at)_mobocracy.net, Multiple Remote Vulnerabilities in Wordpress (25.01.2007)
 bmatheny_(at)_mobocracy.net, DoS against Telligent Community Server (25.01.2007)
Files: Exploits Xero Portal v1.2 (phpbb_root_path) Local File Include Vulnerability
 Aztek Forum 4.1 Multiple Vulnerabilities Exploit

Buffer overflow in the Citrix Metaframe / Javvin DiskAccess print provider (buffer overflow)
Published: 25 January 2007
Source:
SecurityVulns ID: 7109
Type: remote
Severity: 7/10
Description: Buffer overflows in the EnumPrintersW() and OpenPrinter() functions of the cpprov.dll library.
Affected products: CITRIX : MetaFrame Presentation Server 3.0
 CITRIX : Metaframe Presentation Server 4.0
 CITRIX : MetaFrame XP 1.0
 JAVVIN : DiskAccess 0.6
CVE: CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.)
 CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.)
 CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.)
Original text: ZDI, ZDI-07-006: Citrix Metaframe Presentation Server Print Provider Buffer Overflow Vulnerability (25.01.2007)
Files: Proof of concept exploit for ZDI - Citrix Metaframe spooler service vulnerability
 Universal exploit for vulnerable printer providers (spooler service)

Multiple privilege escalations in CA Personal Firewall (privilege escalation)
Published: 25 January 2007
Source:
SecurityVulns ID: 7110
Type: local
Severity: 6/10
Description: Multiple bugs in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers.
Affected products: CA : CA Personal Firewall 2007
 CA : CA Internet Security Suite 2007
CVE: CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.)
Original text: CA, [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities (25.01.2007)

DoS against the gtk library
Published: 25 January 2007
Source:
SecurityVulns ID: 7111
Type: library
Severity: 5/10
Description: Denial of service when parsing GIF images.
CVE: CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.)
Original text: RPATH, rPSA-2007-0019-1 gtk (25.01.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod