Information Security


DoS against the AT-TFTP TFTP server
Published: April 26, 2011
Source:
SecurityVulns ID: 11623
Type: remote
Severity level: 4/10
Description: Failure when there is no acknowledgment after a file is received.
Affected products: AT-TFTP Server 1.8
Original text: SecPod Research, AT-TFTP Server Remote Denial of Service Vulnerability (26.04.2011)
Files: Exploit will crash AT-TFTP Server v1.8 Service

Multiple security vulnerabilities in HP Insight Control
Published: April 26, 2011
Source:
SecurityVulns ID: 11624
Type: remote
Severity level: 5/10
Description: Privilege escalation, code execution, information leak, DoS.
CVE:CVE-2011-1535 (Unspecified vulnerability in HP Insight Control for Linux (aka IC-Linux) before 6.3 allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unknown vectors.)
 CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.)
 CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access, aka "OCSP stapling vulnerability.")
 CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled, does not properly prevent modification of the ciphersuite in the session cache, which allows remote attackers to force the downgrade to an unintended cipher via vectors involving sniffing network traffic to discover a session identifier.)
 CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.)
Original text: HP, [security bulletin] HPSBMA02658 SSRT100413 rev.1 - Insight Control for Linux (IC-Linux), Remote Unauthorized Elevation of Privilege, Execution of Arbitrary Code, Encryption Downgrade, Information Disclosure, Denial of Service (DoS) (26.04.2011)

Multiple security vulnerabilities in HP Proliant Support Pack
Published: April 26, 2011
Source:
SecurityVulns ID: 11625
Type: remote
Severity level: 5/10
Description: Cross-site scripting, information leak.
Affected products: HP : Proliant Support Pack 8.6
CVE:CVE-2011-1539 (Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to obtain sensitive information via unknown vectors.)
 CVE-2011-1538 (Open redirect vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote authenticated users to redirect other users to arbitrary web sites and conduct phishing attacks via unspecified vectors.)
 CVE-2011-1537 (Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: HP, [security bulletin] HPSBMA02661 SSRT100408 rev.1 - HP Proliant Support Pack (PSP) Running on Linux and Windows, Remote Cross Site Scripting (XSS), URL Redirection, Information Disclosure (26.04.2011)

Multiple security vulnerabilities in HP System Management Homepage
Published: April 26, 2011
Source:
SecurityVulns ID: 11626
Type: remote
Severity level: 5/10
Description: Cross-site scripting, code execution, DoS.
Affected products: HP : HP System Management Homepage 6.2
CVE:CVE-2011-1541 (Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote attackers to bypass intended access restrictions, and consequently execute arbitrary code, via unknown vectors.)
 CVE-2011-1540 (Unspecified vulnerability in HP System Management Homepage (SMH) before 6.3 allows remote authenticated users to execute arbitrary code via unknown vectors.)
 CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).)
 CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.)
 CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive.)
 CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the phar_stream_flush function, leading to errors in the php_stream_wrapper_log_error function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2094.)
 CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.)
 CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion.)
 CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (PHP crash) via a crafted first argument to the fnmatch function, as demonstrated using a long string.)
Original text: HP, [security bulletin] HPSBMA02662 SSRT100409 rev.1 - HP System Management Homepage (SMH) for Linux and Windows, Remote Unauthorized Access, Execution of Arbitrary Code, Denial of Service (DoS) (26.04.2011)

Information leak in HP Network Automation
Published: April 26, 2011
Source:
SecurityVulns ID: 11627
Type: remote
Severity level: 5/10
Affected products: HP : HP Network Automation 9.10
CVE:CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to obtain sensitive information via unknown vectors.)
Original text: HP, [security bulletin] HPSBMA02666 SSRT100434 rev.1 - HP Network Automation Running on Linux, Solaris, and Windows, Remote Information Disclosure (26.04.2011)

Microsoft closes NTLM relaying attacks in SMB
updated since November 12, 2008
Published: April 26, 2011
Source:
SecurityVulns ID: 9428
Type: m-i-t-m
Severity level: 5/10
Description: Microsoft fixed an issue in which NTLM credentials used for one service could be relayed to another service. The attack has been known for many years.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.)
Original text: Alexandr Polyakov, Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay (26.04.2011)
 Alexandr Polyakov, Re: [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay (26.04.2011)
 MICROSOFT, Microsoft Security Bulletin MS08-068 – Important Vulnerability in SMB Could Allow Remote Code Execution (957097) (12.11.2008)
Files: Microsoft Security Bulletin MS08-068 – Important Vulnerability in SMB Could Allow Remote Code Execution (957097)
 NTLM in Corporate Networks - in Russian

SMB relaying attacks against Kaspersky administration Kit
Published: April 26, 2011
Source:
SecurityVulns ID: 11628
Type: m-i-t-m
Severity level: 5/10
Description: The network is scanned with automatic connection over SMB using administrator privileges, which makes NTLM relaying attacks possible.
Affected products: KASPERSKY : Kaspersky Administration Kit 6.0
Original text: Alexandr Polyakov, [DSECRG-11-018] Kaspersky administration Kit - Remote code execution via SMBRelay (26.04.2011)

Security vulnerabilities in Asterisk
updated since April 26, 2011
Published: April 27, 2011
Source:
SecurityVulns ID: 11621
Type: remote
Severity level: 6/10
Description: Privilege escalation, DoS via resource exhaustion.
Affected products: DIGIUM : Asterisk 1.4
 ASTERISK : Asterisk 1.6
 ASTERISK : Asterisk 1.8
CVE:CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 do not restrict the number of unauthenticated sessions to certain interfaces, which allows remote attackers to cause a denial of service (file descriptor exhaustion and disk space exhaustion) via a series of TCP connections.)
Original text: ASTERISK, AST-2011-005: File Descriptor Resource Exhaustion (27.04.2011)
 ASTERISK, AST-2011-006: Asterisk Manager User Shell Access (26.04.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
updated since April 26, 2011
Published: April 27, 2011
Source:
SecurityVulns ID: 11622
Type: remote
Severity level: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: PHPLIST : phpList 2.10
 TIMTHUMB : TimThumb 1.24
 WEBMIN : Webmin 1.540
 AFFINITY : BuddyPress 1.2
 COTONI : Cotonti 0.9
 WORDPRESS : WP-Ajax-Recent-Posts 1.0
 Noah's Classifieds 5.0
CVE:CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.)
 CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: MustLive, Code Execution in WordPress 2.5 - 3.1.1 (27.04.2011)
 Javier Bassi, XSS in Webmin 1.540 + exploit for privilege escalation (27.04.2011)
 High-Tech Bridge Security Research, HTB22956: XSS vulnerabilities in phpList (26.04.2011)
 High-Tech Bridge Security Research, HTB22957: XSRF (CSRF) in phpList (26.04.2011)
 High-Tech Bridge Security Research, HTB22951: XSS in WP-Ajax-Recent-Posts wordpress plugin (26.04.2011)
 High-Tech Bridge Security Research, HTB22952: XSS vulnerabilities in Noah's Classifieds (26.04.2011)
 High-Tech Bridge Security Research, HTB22953: XSS in Max's PHP Photo Album (26.04.2011)
 High-Tech Bridge Security Research, HTB22954: Path disclousure in yappa-ng Photo Gallery (26.04.2011)
 High-Tech Bridge Security Research, HTB22948: Path disclosure in Cotonti (26.04.2011)
 High-Tech Bridge Security Research, HTB22955: Path disclosure in BuddyPress WordPress plugin (26.04.2011)
 HP, [security bulletin] HPSBMA02667 SSRT100464 rev.1 - HP SiteScope, Cross Site Scripting (XSS) and HTML Injection (26.04.2011)
 MustLive, Vulnerabilities in many themes and components for Joomla (26.04.2011)
 Javier Bassi, XSS in Webmin 1.540 + exploit for privilege escalation (26.04.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod