Information Security


Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: April 28, 2007
Source:
SecurityVulns ID: 7642
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: BROTHERSOFT : Shop-Script 2.0
 NUCLEUSCMS : nucleus 3.22
 PHPMYTGP : phpMYTGP 1.4
 SUNSHOP : sunshop 4
 CAFELOG : B2 Weblog and News Publishing 0.6
 COMUS : comus 2.0
 BUILT2GO : PHP Link Portal 1.79
 BLOGSYSTEM : blogsystem 1.4
 DOWNLOADENGINE : download engine 1.4
 VIRTUANEWS : VirtuaNews Pro 1.0
 MODBUILD : modbuild 4.1
 SINECMS : SineCMS 2.3
 BURAKYILMAZ : Burak Yilmaz Blog 1.0
Original text: Dj_ReMix_20_(at)_hotmail.com, Burak Yılmaz Blog (tr) v1.0 SQL injection vulnerability (28.04.2007)
 nexus_(at)_playhack.net, SineCMS (28.04.2007)
 s433d_only_linux_(at)_yahoo.de, modbuild >> 4.1 Remote File Inclusion (28.04.2007)
 alijsb_(at)_yahoo.com, :doruk100net >> RFI (28.04.2007)
 s433d_only_linux_(at)_yahoo.de, VirtuaNews.Pro.v1.0.3.Retail.+All.Plugins Remote file Include (28.04.2007)
 s433d_only_linux_(at)_yahoo.de, Remote File Inclusion (28.04.2007)
 alijsb_(at)_yahoo.com, download engine V1.4.1 >> RFI (local) (28.04.2007)
 alijsb_(at)_yahoo.com, nucleus 3.22 >> RFI (28.04.2007)
 info_(at)_hackerz.ir, blogsystem 1.4 >> local & remote = -rfi & lfi & -xss (28.04.2007)
 alijsb_(at)_yahoo.com, Built2Go_PHP_Link_Portal_v1.79 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, Searchactivity >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, comus 2.0 Final >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, B2 Weblog and News Publishing Tool v0.6.1 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, adrevenue script (CyKuH.com)>> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, sunshop v4 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, Shop-Script v 2.0 >> RFI (28.04.2007)
 alijsb_(at)_yahoo.com, phpMYTGP v v1.4b >> RFI (28.04.2007)

Request injection via Digest authentication in multiple browsers (request splitting)
Published: April 28, 2007
Source:
SecurityVulns ID: 7643
Type: client
Severity: 5/10
Description: A newline character can be injected into the request header through the username.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
Original text: Stefano Di Paola, IE 7 and Firefox Browsers Digest Authentication Request Splitting (28.04.2007)

Multiple vulnerabilities in the AFFLIB library (multiple bugs)
Published: April 28, 2007
Source:
SecurityVulns ID: 7644
Type: library
Severity: 6/10
Description: Metacharacter injection, buffer overflows, format string bugs, race conditions, etc.
Affected products: AFFLIB : AFFLIB 2.2
CVE:CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.)
 CVE-2007-2056 (** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable.")
 CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.)
 CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.)
 CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.)
Original text: VSR Advisories, AFFLIB(TM): Time-of-Check-Time-of-Use File Race (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Buffer Overflows (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Format String Injections (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Shell Metacharacter Injections (28.04.2007)

Multiple vulnerabilities in Symantec Norton Ghost (multiple bugs)
Published: April 28, 2007
Source:
SecurityVulns ID: 7645
Type: local
Severity: 5/10
Description: Buffer overflow in Service Manager, weak encryption.
CVE:CVE-2007-2361 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.)
 CVE-2007-2360 (Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.)
 CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before 20070426, allows local users to gain privileges via a long string.)
Original text: IDEFENSE, iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Recovery Points Insecure Password Storage Vulnerability (28.04.2007)
 IDEFENSE, iDefense Security Advisory 04.26.07: Symantec Norton Ghost 10 Service Manager Buffer Overflow Vulnerability (28.04.2007)

Buffer overflow in MyDNS (buffer overflow)
Published: April 28, 2007
Source:
SecurityVulns ID: 7646
Type: remote
Severity: 5/10
Description: Heap buffer overflow during a dynamic DNS record update.
Affected products: MYDNS : mydns 1.1
CVE:CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.)
Original text: mu-b, [Full-disclosure] mydns-1.1.0 remote heap overflow (28.04.2007)
Files: mydns remote exploit PoC (x86-lnx)
 mydns update buffer overflow patch

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod