Information Security


Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since April 26, 2010
Published: April 26, 2010
Source:
SecurityVulns ID: 10788
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: CACTI : cacti 0.8
 APACHE : ActiveMQ 5.3
 DLE : Переходы 6.9
 OPENFONCIER : Openfoncier 2.00
 OPENPLANNING : Openplanning 1.00
 OPENPRESSE : Openpresse 1.01
 INPORTAL : In-portal 5.0
 OPENCOMINTERNE : OpenCominterne 1.01
 OPENCOURIER : Opencourrier 2.03
 APACHE : ActiveMQ 5.4
 SMODCMS : SmodCMS 4.07
 POWEREASY : PowerEasy 2006
 MADRISH : Madirish Webmail 2.01
Original text: eidelweiss, Madirish Webmail 2.01 (basedir) RFI/LFI Vulnerability (26.04.2010)
 lis cker, A XSS in User_ChkLogin.asp of PowerEasy 2006 (26.04.2010)
 eidelweiss, SmodCMS 'config.php' Arbitrary File Upload Vulnerability (26.04.2010)
 eidelweiss, phpegasus 'config.php' Arbitrary File Upload Vulnerability (26.04.2010)
 DEBIAN, [SECURITY] [DSA 2039-1] New cacti packages fix missing input sanitising (26.04.2010)
 SecPod Research, Apache ActiveMQ is prone to source code disclosure vulnerability. (26.04.2010)
 Inj3ct0r.com, Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability (26.04.2010)
 Inj3ct0r.com, OpenCominterne 1.01 Local File Include Vulnerability (26.04.2010)
 md.r00t.defacer_(at)_gmail.com, In-portal 5.0.3 Remote Arbitrary File Upload Exploit (26.04.2010)
 MustLive, Vulnerability in Referer for DataLife Engine (26.04.2010)
 md.r00t.defacer_(at)_gmail.com, IWD Group SQL Injection Vulnerabilities (26.04.2010)
 Inj3ct0r.com, Openpresse 1.01 Local File Include Vulnerability (26.04.2010)
 Inj3ct0r.com, Openplanning 1.00 (RFI/LFI) Multiple File Include Vulnerability (26.04.2010)
 Inj3ct0r.com, Openfoncier 2.00 (RFI/LFI) Multiple File Include Vulnerability (26.04.2010)
 MustLive, Cross-Site Scripting vulnerability in Переходы for DataLife Engine (26.04.2010)

Unauthorized access in HP Virtual Machine Manager
Published: April 26, 2010
Source:
SecurityVulns ID: 10791
Type: remote
Severity: 6/10
CVE: CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager (VMM) before 6.0 allow remote authenticated users to execute arbitrary code via unknown vectors.)
Original text: HP, [security bulletin] HPSBMA02494 SSRT090168 rev.1 - HP Virtual Machine Manager (VMM) for Windows, Remote Unauthorized Access, Privilege Elevation (26.04.2010)

Memory corruption in ClamAV
Published: April 26, 2010
Source:
SecurityVulns ID: 10792
Type: remote
Severity: 5/10
Description: Memory corruption when parsing CAB files.
Affected products: CLAMAV : ClamAV 0.95
CVE: CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.)
Original text: MANDRIVA, [ MDVSA-2010:082 ] clamav (26.04.2010)

Code execution in HP Operations Manager
Published: April 26, 2010
Source:
SecurityVulns ID: 10793
Type: remote
Severity: 5/10
Affected products: HP : HP Operations Manager 8.10
 HP : HP Operations Manager 8.16
 HP : HP Operations Manager 7.5
CVE: CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.)
Original text: HP, [security bulletin] HPSBMA02491 SSRT100060 rev.1 - HP Operations Manager for Windows, Remote Execution of Arbitrary Code (26.04.2010)

DoS against HP-UX
Published: April 26, 2010
Source:
SecurityVulns ID: 10794
Type: remote
Severity: 5/10
Affected products: HP : HP-UX 11.11
CVE: CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to cause a denial of service via unknown vectors.)
Original text: HP, [security bulletin] HPSBUX02518 SSRT100051 rev.1 - HP-UX, Local Denial of Service (DoS) (26.04.2010)

DoS against CompleteFTP
Published: April 26, 2010
Source:
SecurityVulns ID: 10796
Type: remote
Severity: 5/10
Description: Memory leak during authentication.
Original text: Mehdi Mahdjoub - Sysdream IT Security Services, CompleteFTP v3.3.0 - Remote Memory Consumption DoS (26.04.2010)
Files: CompleteFTP v3.3.0 - Remote Memory Consumption DoS

Buffer overflow in WinMount
Published: April 26, 2010
Source:
SecurityVulns ID: 10797
Type: local
Severity: 4/10
Description: Buffer overflow on long file names inside an archive.
Affected products: WINMOUNT : WinMount 3.3
Original text: lilf, WinMount MOU File Handling Overflow Vulnerability (26.04.2010)

mod_auth_shadow authentication bypass in Apache
Published: April 26, 2010
Source:
SecurityVulns ID: 10798
Type: remote
Severity: 7/10
Description: A race condition allows access without username and password verification.
Affected products: APACHE : mod_auth_shadow 2.2
CVE: CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP Server allows remote attackers to bypass authentication, and read and possibly modify data, via vectors related to improper interaction with an external helper application for validation of credentials.)
Original text: MANDRIVA, [ MDVSA-2010:081 ] apache-mod_auth_shadow (26.04.2010)

Multiple security vulnerabilities in the AgentX++ library / Helix Server
updated since April 26, 2010
Published: April 29, 2010
Source:
SecurityVulns ID: 10795
Type: library
Severity: 7/10
Description: Integer overflow, buffer overflow.
Affected products: AGENTPP : AgentX++ 1.4
 REAL : Helix Server 12
CVE: CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via a request with a crafted payload length.)
 CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in RealNetworks Helix Server and Helix Mobile Server 11.x, 12.x, and 13.x allows remote attackers to have an unspecified impact via invalid base64-encoded data.)
Original text: REAL, Security Update for Helix Server and Helix Mobile Server (29.04.2010)
 ZDI, ZDI-10-079: Realnetworks Helix Server NTLM Authentication Invalid Base64 Remote Code Execution Vulnerability (29.04.2010)
 IDEFENSE, iDefense Security Advisory 04.15.10: Multiple Vendor AgentX++ Stack Buffer Overflow Vulnerability (26.04.2010)

Directory traversal in Novell ZENworks
updated since April 26, 2010
Published: April 30, 2010
Source:
SecurityVulns ID: 10789
Type: remote
Severity: 7/10
Description: Directory traversal in UploadServlet.
Affected products: NOVELL : ZENworks 10
Original text: tu canal amigo, PoC for ZDI-10-078 (30.04.2010)
 ZDI, ZDI-10-078: Novell ZENworks Configuration Management UploadServlet Remote Code Execution Vulnerability (26.04.2010)

Multiple vulnerabilities in HP System Management Homepage
updated since April 26, 2010
Published: May 20, 2010
Source:
SecurityVulns ID: 10790
Type: remote
Severity: 5/10
Description: Cross-site scripting, DoS, code execution, unauthorized access.
Affected products: HP : HP System Management Homepage 6.0
CVE: CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 before 6.0.0-95 on Linux, and 6.0 before 6.0.0.96 on Windows, allows remote authenticated users to obtain sensitive information, modify data, and cause a denial of service via unknown vectors.)
 CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.)
 CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a "fragment bug.")
 CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHello.)
 CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate.)
 CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak.")
 CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug.")
 CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208.)
 CVE-2008-5557 (Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.)
 CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.)
 CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.)
Original text: HP, [security bulletin] HPSBMA02534 SSRT090180 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Information Disclosure, Unauthorized Data Modification, Denial of Service (DoS) (20.05.2010)
 HP, [security bulletin] HPSBMA02492 SSRT100079 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access (26.04.2010)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod