Information security


Cross-site scripting in Novell GroupWise WebAccess
updated since February 1, 2009
Published: May 29, 2009
Source:
SecurityVulns ID: 9641
Type: remote
Severity: 5/10
Description: Multiple cross-site scripting and request forgery issues.
Affected products: NOVELL : GroupWise WebAccess 7.0
CVE: CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to inject arbitrary web script or HTML via (1) the User.lang parameter to the login page (aka gw/webacc), (2) style expressions in a message that contains an HTML file, or (3) vectors associated with incorrect protection mechanisms against scripting, as demonstrated using whitespace between JavaScript event names and values.)
 CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allow remote attackers to inject arbitrary web script or HTML via the (1) User.id and (2) Library.queryText parameters to gw/webacc, and other vectors involving (3) HTML e-mail and (4) HTML attachments.)
 CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors.)
Original text: c3rb3r_(at)_videotron.ca, Novell Groupwise fails to properly sanitize emails. (29.05.2009)
 ProCheckUp Research, PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks (01.02.2009)
 ProCheckUp Research, PR08-22: Persistent XSS on Novell GroupWise WebAccess (01.02.2009)
 ProCheckUp Research, PR08-23: XSS on Novell GroupWise WebAccess (01.02.2009)

Multiple vulnerabilities in Apple Mac OS X
updated since May 14, 2009
Published: May 29, 2009
Source:
SecurityVulns ID: 9907
Type: remote
Severity: 8/10
Description: Several dozen updates in various system components and Safari.
Affected products: APPLE : MacOS X 10.4
CVE: CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.)
 CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not properly validate Microsoft Office files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a file that triggers memory corruption.)
 CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that HTML pathnames are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.)
 CVE-2009-0942 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not verify that certain Cascading Style Sheets (CSS) are located in a registered help book, which allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files.)
 CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn.")
 CVE-2009-0162 (Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.)
 CVE-2009-0160 (QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image that triggers memory corruption.)
 CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.)
 CVE-2009-0158 (Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long hostname for a telnet server.)
 CVE-2009-0157 (Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before 10.5.7 allows remote web servers to execute arbitrary code or cause a denial of service (application crash) via long HTTP headers.)
 CVE-2009-0156 (Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to cause a denial of service (persistent Finder crash) via a crafted Mach-O executable that triggers an out-of-bounds memory read.)
 CVE-2009-0155 (Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers a heap-based buffer overflow.)
 CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font.)
 CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.)
 CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL Instant Messenger (AIM) communication in certain circumstances that are inconsistent with the Require SSL setting, which allows remote attackers to obtain sensitive information by sniffing the network.)
 CVE-2009-0150 (Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image.)
 CVE-2009-0149 (Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (application crash) by attempting to mount a crafted sparse disk image that triggers memory corruption.)
 CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote attackers to execute arbitrary code via long strings in input such as (1) source-code tokens and (2) pathnames, related to integer overflows in some cases. NOTE: this issue exists because of an incomplete fix for CVE-2004-2541.)
 CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.)
 CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.)
 CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file that triggers memory corruption.)
 CVE-2009-0144 (CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse noncompliant Set-Cookie headers, which allows remote attackers to obtain sensitive information by sniffing the network for "secure cookies" that are sent over unencrypted HTTP connections.)
 CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.)
 CVE-2009-0010 (Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.)
 CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).)
 CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.)
 CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD 3.0 through 4.0, and possibly other operating systems does not properly check the proposed new MTU in an ICMPv6 Packet Too Big Message, which allows remote attackers to cause a denial of service (panic) via a crafted Packet Too Big Message.)
 CVE-2008-1517
Original text: ZDI, ZDI-09-021: Apple QuickTime PICT Unspecified Tag Heap Overflow Vulnerability (29.05.2009)
 ZDI, ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability (20.05.2009)
 ZDI, ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability (20.05.2009)
 security_(at)_nruns.com, n.runs-SA-2009.001 - OS X CFNetwork advisory (20.05.2009)
 security_(at)_nruns.com, n.runs-SA-2009.001 - OS X CFNetwork advisory (15.05.2009)
 IDEFENSE, iDefense Security Advisory 05.14.09: Apple Mac OS X xnu Kernel workqueue_additem/workqueue_removeitem Index Validation Vulnerability (14.05.2009)
 APPLE, About the security content of Security Update 2009-002 / Mac OS X v10.5.7 (14.05.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-133A -- Apple Updates for Multiple Vulnerabilities (14.05.2009)

Buffer overflow in libsndfile / WinAmp
updated since May 21, 2009
Published: May 29, 2009
Source:
SecurityVulns ID: 9921
Type: library
Severity: 6/10
Description: Heap buffer overflow when parsing .VOC files, buffer overflow when parsing AIFF.
Affected products: LIBSNDFILE : libsndfile 1.0
 NULLSOFT : Winamp 5.5
CVE: CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.)
 CVE-2009-1788 (Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.)
Original text: GENTOO, [ GLSA 200905-09 ] libsndfile: User-assisted execution of arbitrary code (29.05.2009)
 tk_(at)_trapkit.de, [TKADV2009-006] libsndfile/Winamp VOC Processing Heap Buffer Overflow (21.05.2009)

Daily summary of security vulnerabilities in web applications (PHP, ASP, JSP, CGI, Perl)
Published: May 29, 2009
Source:
SecurityVulns ID: 9945
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leakage, etc.
Affected products: MYPHPNUKE : myPHPNuke 1.8
 PHPNUKE : PHP-Nuke 8.0
 VANILLA : Vanilla 1.1
 DRUPAL : Drupal 6.12
 ECSHOP : ecshop 2.6
 PAESSLER : PRTG Traffic Grapher 6.2
 SPIRATES : Small Pirates 2.1
 ADPEEPS : AdPeeps 8.5
 ARCADETRADESCRIP : Arcade Trade Script 1.0
 ACHIEVO : Achievo 1.3
Original text: Justin C. Klein Keane, [Full-disclosure] Drupal 6 Content Access Module XSS (29.05.2009)
 Justin C. Klein Keane, [Full-disclosure] Drupal Embedded Media Field Module Multiple XSS (29.05.2009)
 security_(at)_intern0t.net, [InterN0T] Achievo 1.3.4 - XSS Vulnerability (29.05.2009)
 SmOk3, Arcade Trade Script XSS (29.05.2009)
 darkz.gsa_(at)_gmail.com, PHP Nuke v.8.0 (referer) SQL Injection (29.05.2009)
 Jan van Niekerk, Backdoor in com_rsgallery2 gallery extension for joomla (29.05.2009)
 darkz.gsa_(at)_gmail.com, Vanilla v.1.1.7 Cross-Site Scripting (29.05.2009)
 security_(at)_intern0t.net, [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities (29.05.2009)
 y3nh4ck3r_(at)_gmail.com, MULTIPLE REMOTE VULNERABILITIES --Small Pirates v-2.1--> (29.05.2009)
 info_(at)_securitylab.ir, ecshop 2.6.2 (29.05.2009)
 MustLive, XSS and SQL Injection vulnerabilities in myPHPNuke (29.05.2009)

Cryptographic vulnerabilities in OpenSC
Published: May 29, 2009
Source:
SecurityVulns ID: 9946
Type: library
Severity: 6/10
Description: Incorrect key generation in pkcs11-tool makes it possible to recover encrypted messages.
Affected products: OPENSC : OpenSC 0.11
CVE: CVE-2009-1603 (src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted.)
Original text: MANDRIVA, [ MDVSA-2009:123 ] opensc (29.05.2009)

Code execution in StoneTrip S3DPlayers
Published: May 29, 2009
Source:
SecurityVulns ID: 9947
Type: client
Severity: 5/10
Description: The system.openURL() function allows code execution.
Affected products: STONETRIP : S3DPlayer 1.6
 STONETRIP : S3DPlayer 1.7
CVE: CVE-2009-1792 (The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod