Information Security


Multiple security vulnerabilities in Mozilla Firefox / Seamonkey
Published: June 25, 2010
Source:
SecurityVulns ID: 10955
Type: client
Threat level: 8/10
Description: Multiple memory corruptions, integer overflow, use-after-free, information leak, buffer overflow, content filtering bypass.
Affected products: MOZILLA : SeaMonkey 2.0
 MOZILLA : Firefox 3.5
 MOZILLA : Firefox 3.6
 MOZILLA : Thunderbird 3.0
CVE: CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger an assertion failure in jstracer.cpp.)
 CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.10, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a large text value for a node.)
 CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to execute arbitrary code via vectors involving multiple plugin instances.)
 CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.)
 CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node with a long text value that triggers a heap-based buffer overflow.)
 CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, allows remote attackers to send selected keystrokes to a form field in a hidden frame, instead of the intended form field in a visible frame, via certain calls to the focus method.)
 CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construction process for menus.)
 CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla Firefox creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.)
Original text: ZDI, ZDI-10-113: Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-33 (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-32 (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-31 (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-30 (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-29 (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-28 (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-27 (25.06.2010)
 MOZILLA, Mozilla Foundation Security Advisory 2010-26 (25.06.2010)

Buffer overflow in the libneon library / svn
Published: June 25, 2010
Source:
SecurityVulns ID: 10956
Type: client
Threat level: 6/10
Description: Buffer overflow in the NTLM authentication implementation.
Affected products: LIBNEON : libneon 0.27
Original text: MANDRIVA, [ MDVSA-2010:123 ] libneon0.27 (25.06.2010)

Buffer overflows in Novell iManager
Published: June 25, 2010
Source:
SecurityVulns ID: 10957
Type: remote
Threat level: 6/10
Description: Several different buffer overflows.
Affected products: NOVELL : iManager 2.7
CVE: CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc.)
 CVE-2010-1929 (Multiple stack-based buffer overflows in the [email protected] function in jclient.dll in the Tomcat web server in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allow remote authenticated users to execute arbitrary code via the (1) EnteredClassID or (2) NewClassName parameter to nps/servlet/webacc.)
Original text: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2010-0316 - Novell iManager Multiple Vulnerabilities (25.06.2010)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Published: June 25, 2010
Source:
SecurityVulns ID: 10958
Type: remote
Threat level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: WORDPRESS : Cimy Counter 0.9
 WEBDB : WebDB 2.0
Original text: High-Tech Bridge Security Research, SQL injection vulnerability in WebDB (25.06.2010)
 High-Tech Bridge Security Research, XSS vulnerability in ForumCMS (25.06.2010)
 High-Tech Bridge Security Research, SQL injection vulnerability in WebDB (25.06.2010)
 MustLive, Vulnerabilities in Cimy Counter for WordPress (25.06.2010)
 MustLive, Vulnerabilities in Cimy Counter for WordPress (25.06.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod