Информационная безопасность
[RU] switch to English


Обратный путь в каталогах TFTP-сервера Kiwi CatTools (directory traversal)
дополнено с 9 февраля 2007 г.
Опубликовано:27 февраля 2007 г.
Источник:
SecurityVulns ID:7208
Тип:удаленная
Уровень опасности:
5/10
Описание:Обратный путь в каталогах встроенного TFTP-сервера.
Затронутые продукты:KIWI : CatTools 3.2
CVE:CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this issue could be leveraged with a directory traversal vulnerability for a remote attack vector.)
 CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.)
Оригинальный текстdocumentnoreply_(at)_ptsecurity.ru, [Full-disclosure] Kiwi CatTools TFTP server path traversal (27.02.2007)
 documentnicob_(at)_nicob.net, TFTP directory traversal in Kiwi CatTools (09.02.2007)

Многочисленные уязвимости в Mozilla libnss (multiple bugs)
дополнено с 25 февраля 2007 г.
Опубликовано:27 февраля 2007 г.
Источник:
SecurityVulns ID:7303
Тип:библиотека
Уровень опасности:
6/10
Описание:Многочисленные переполнения буфера и целочисленные переполнения в реализации кода клиента и сервера SSL2.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 1.5
 MOZILLA : nss 3.10
 MICROSOFT : Windows Vista
 OPERA : Opera 9.10
 MOZILLA : nss 3.11
CVE:CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid "Client Master Key" length values.)
 CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via a crafted SSLv2 server message containing a public key that is too short to encrypt the "Master Secret", which results in a heap-based overflow.)
Оригинальный текстdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-06 (27.02.2007)
 documentIDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Client Integer Underflow Vulnerability (25.02.2007)
 documentIDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability (25.02.2007)
 documentIDEFENSE, iDefense Security Advisory 02.23.07: Mozilla Network Security Services SSLv2 Server Stack Overflow Vulnerability (25.02.2007)

Доступ между доменами в Mozilla Firefox
дополнено с 15 февраля 2007 г.
Опубликовано:27 февраля 2007 г.
Источник:
SecurityVulns ID:7238
Тип:клиент
Уровень опасности:
8/10
Описание:Используя location.hostname='evil.com\x00foo.example.com' атакующий может добиться, чтобы запрос для foo.example.com ушел на evil.com, что позволяет доступ между доменами. Уязвимость может быть использована для скрытой установки вредоносного кода.
Затронутые продукты:MOZILLA : Firefox 2.0
CVE:CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.)
 CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar.)
 CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.)
Оригинальный текстdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-07 (27.02.2007)
 documentMichal Zalewski, [Full-disclosure] Firefox bookmark cross-domain surfing vulnerability (22.02.2007)
 documentMichal Zalewski, Firefox: about:blank is phisher's best friend (18.02.2007)
 documentMichal Zalewski, Re: [Full-disclosure] Firefox: serious cookie stealing / same-domain bypass vulnerability (15.02.2007)
 documentMichal Zalewski, Firefox: serious cookie stealing / same-domain bypass vulnerability (15.02.2007)

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:27 февраля 2007 г.
Источник:
SecurityVulns ID:7308
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:VIEWCVS : ViewCVS 0.9
 WORDPRESS : WordPress 2.1
 MTCMS : MTCMS 2.2
 ZEPHYRSOFT : Address Book Continued 1.00
 ZEPHYRSOFT : Address Book Continued 1.01
 EFICTION : eFiction 3.1
CVE:CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.)
 CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow remote attackers to upload and execute files via (1) an avatar upload in an add_down action, or (2) an add_link action.)
 CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.)
 CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.)
Оригинальный текстdocumentStefan Friedli, Wordpress 2.1.1 - Multiple Script Injection Vulnerabilities (27.02.2007)
 documentScarlet Pimpernel, [Full-disclosure] Multiple SQL Injection bugs in TCS website (27.02.2007)
 documentMoritz Naumann, ViewCVS 0.9.4 issues (27.02.2007)
 documentlaurent gaffié, MTCMS multiple upload vulnerabilities (27.02.2007)
 documentc_r_ck_(at)_hotmail.com, XXS in script Phorum (27.02.2007)
 documentSaMuschie, WordPress AdminPanel CSRF/XSS - 0day (27.02.2007)

Многочисленные уязвимости в Mozilla Firefox / Thunderbird / Seamonkey (multiple bugs)
дополнено с 27 февраля 2007 г.
Опубликовано:6 марта 2007 г.
Источник:
SecurityVulns ID:7309
Тип:удаленная
Уровень опасности:
7/10
Описание:Обход фильтрации HTML-содержимого, межсайтовый скриптинг, слабая хэширующая функция, повреждение памяти, переполнение буфера и др.
Затронутые продукты:MOZILLA : Thunderbird 1.5
 MOZILLA : Firefox 1.5
 MOZILLA : Seamonkey 1.0
 MOZILLA : Firefox 2.0
CVE:CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line.)
 CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.)
 CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which bypasses the access checks and executes code with chrome privileges.)
 CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI.)
 CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot property with a large, transparent, custom cursor.)
 CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive information or enable further attack vectors when the target page is reloaded from the cache.)
 CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.)
 CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.)
 CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially execute arbitrary code via certain vectors.)
Оригинальный текстdocumentMOZILLA, Mozilla Foundation Security Advisory 2007-09 (06.03.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-10 (06.03.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-05 (27.02.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-04 (27.02.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-03 (27.02.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-02 (27.02.2007)
 documentMOZILLA, Mozilla Foundation Security Advisory 2007-01 (27.02.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород