Information Security


Buffer overflow in SupportSoft ActiveX used in Symantec products
Published: February 25, 2007
Source:
SecurityVulns ID: 7302
Type: client
Severity: 6/10
Description: Stack buffer overflow.
Affected products: SYMANTEC : Norton Internet Security 2006
 SYMANTEC : Norton AntiVirus 2006
 SYMANTEC : Norton SystemWorks 2006
CVE:CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.)
Original text: SYMANTEC, [email protected] (25.02.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: February 25, 2007
Source:
SecurityVulns ID: 7305
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: COPPERMINE : Coppermine Photo Gallery 1.3
 PHPWEBGALLERY : Phpwebgallery 1.4
 MICRONETWORK : ActiveCalendar 1.2
 PHOTOSTAND : Photostand 1.2
 PHPBB : phpBB Extreme 3.0
 CSGALLERY : CS-Gallery 2.0
 PHPBB : NoMoKeTos Rules 0.0 phpBB module
 SINAPIS : Sinapis Forum 2.2
 SINAPIS : Sinapis Gastebuch 2.2
 FCRING : FCRing 1.3
CVE:CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.)
 CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.)
 CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.)
 CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information via a request to (1) events.php with a curmonth[]=01 query string or (2) enc/stylecss.php with a changetheme[]= query string, which reveals the path in various error messages.)
 CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.)
 CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.)
 CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.)
 CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.)
 CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3) mysqlevents.php, (4) m_2.php, (5) m_3.php, (6) m_4.php, (7) xmlevents.php, (8) y_2.php, or (9) y_3.php in data/.)
 CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ActiveCalendar 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter.)
 CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected.)
 CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action.)
 CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie.)
 CVE-2007-1106 (PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.)
 CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.)
 CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan Pickle before 20070301 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.)
Original text: kezzap66345, Sinapis 2.2 Gastebuch (sinagb.php fuss) Remote File Include Vulnerability (25.02.2007)
 kezzap66345, Sinapis Forum 2.2 (sinapis.php fuss) Remote File Include Vulnerability (25.02.2007)
 kezzap66345, FCRing <= 1.31 (fcring.php s_fuss) Remote File Include Vulnerability (25.02.2007)
 Simon Bonnard, Phpwebgallery-1.4.1, Multiple Cross Site Scripting (25.02.2007)
 Simon Bonnard, Photostand_1.2.0 Multiple Cross Site Scripting (25.02.2007)
 Simon Bonnard, ActiveCalendar 1.2.0, Multiple vulnerabilities (25.02.2007)
 laurent gaffié, pickle download local file (25.02.2007)
 laurent gaffié, Simple one-file gallery (25.02.2007)
 laurent gaffié, xtcommerce local file include (25.02.2007)
 laurent gaffié, shopkitplus local file include (25.02.2007)
Files: Coppermine Photo Gallery 1.3.x Blind SQL Injection Exploit
 phpBB Extreme 3.0.1 (phpbb_root_path) Remote File Include Exploit
 File Inclusion Exploit for CS_Gallery <= 2.0
 phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit

DoS against Windows Explorer in Microsoft Windows
updated since February 25, 2007
Published: February 26, 2007
Source:
SecurityVulns ID: 7301
Type: local
Severity: 5/10
Description: Application crash when viewing the contents of a folder containing a corrupted WMF file.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003
CVE:CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.)
Original text: 3APA3A, Few unreported vulnerabilities by SehaTo (26.02.2007)
 sehato, Explorer WMF File Denial Of Service (25.02.2007)
Files: Microsoft Windows explorer crash PoC

Multiple vulnerabilities in Mozilla libnss (multiple bugs)
updated since February 25, 2007
Published: February 27, 2007
Source:
SecurityVulns ID: 7303
Type: library
Severity: 6/10
Description: Multiple buffer overflows and integer overflows in the SSL2 client and server code implementation.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : nss 3.10
 MICROSOFT : Windows Vista
 OPERA : Opera 9.10
 MOZILLA : nss 3.11
CVE:CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.)
 CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.)
Original text: MOZILLA, Mozilla Foundation Security Advisory 2007-06 (27.02.2007)
 IDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability (25.02.2007)
 IDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability (25.02.2007)

Cross-site scripting using an inherited code page in many browsers
updated since February 25, 2007
Published: March 6, 2009
Source:
SecurityVulns ID: 7304
Type: client
Severity: 5/10
Description: When a page is displayed in a frame, the parent page's code page is used, which makes a cross-site scripting attack possible by choosing, for example, UTF-7, EUC-JP (SHIFT_JIS).
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
 MOZILLA : Firefox 3.0
 GOOGLE : Chrome 1.0
CVE:CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.)
 CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.)
 CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set.)
Original text: MustLive, Firefox's Charset Remembering strikes back (06.03.2009)
 MustLive, Charset Remembering vulnerability in Mozilla Firefox (04.02.2009)
 MustLive, Charset Inheritance vulnerability in Internet Explorer 6 and Google Chrome (01.02.2009)
 Stefan Esser, Advisory 03/2007: Multiple Browsers Cross Domain Charset Inheritance Vulnerability (25.02.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod