Информационная безопасность
[RU] switch to English


Межсайтовый скриптинг в IBM Tivoli Storage Manager Client
Опубликовано:29 октября 2007 г.
Источник:
SecurityVulns ID:8298
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скритпинг через файлы журналов в CAD Service.
Затронутые продукты:IBM : Tivoli Storage Manager Client 5.3
 IBM : Tivoli Storage Manager Client 5.4
CVE:CVE-2007-4348
Оригинальный текстdocumentSECUNIA, Secunia Research: IBM Tivoli Storage Manager Client CAD Service Script Insertion (29.10.2007)

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
Опубликовано:29 октября 2007 г.
Источник:
SecurityVulns ID:8299
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, утечка информации и т.д.
Затронутые продукты:TIKIWIKI : tikiwiki 1.9
 TEATRO : teatro 1.6
 WORDPRESS : WordPress 2.3
 AGTC : AGTC-Membership 1.1
 SAXON : SAXON 5.4
CVE:CVE-2007-4863
 CVE-2007-4862
 CVE-2007-4861
Оригинальный текстdocumentHackers Center Security Group, Omnistar Live Software Cross-Site Scripting Vulrnability (29.10.2007)
 documentsecurityresearch_(at)_netvigilance.com, SAXON version 5.4 Multiple Path Disclosure Vulnerabilities (29.10.2007)
 documentsecurityresearch_(at)_netvigilance.com, SAXON version 5.4 SQL Injection Vulnerability (29.10.2007)
 documentsecurityresearch_(at)_netvigilance.com, SAXON version 5.4 XSS Attack Vulnerability (29.10.2007)
 documentGuns_(at)_0x90.com.ar, AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit (29.10.2007)
 documentJanek Vind, [waraxe-2007-SA#059] - XSS in WordPress 2.3 (29.10.2007)
 documentAlkomandoz Hacker, teatro 1.6 ( basePath ) Remote File Include Vulnerability (29.10.2007)
 documentStefan Esser, [Full-disclosure] Advisory SE-2007-01: TikiWiki Remote PHP Code Evaluation Vulnerability (29.10.2007)

Многочисленные уязвимости в Sun Java JRE / JDK
дополнено с 29 октября 2007 г.
Опубликовано:30 октября 2007 г.
Источник:
SecurityVulns ID:8300
Тип:библиотека
Уровень опасности:
6/10
Описание:Многочисленные уязвимости выхода из ограниченной среды.
Затронутые продукты:SUN : JDK 1.4
 ORACLE : JRE 1.4
 SUN : JRE 5.0
 ORACLE : JDK 5.0
CVE:CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232.)
 CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner by creating a window larger than the workstation screen.)
 CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier does not properly enforce access restrictions for untrusted (1) applications and (2) applets, which allows user-assisted remote attackers to copy or rename arbitrary files when local users perform drag-and-drop operations from the untrusted application or applet window onto certain types of desktop applications.)
 CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities.")
 CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when applet caching is enabled, allows remote attackers to violate the security model for an applet's outbound connections via a DNS rebinding attack.)
Оригинальный текстdocumentNGSSoftware Insight Security Research Advisory (NISR), Memory overwrites in JVM via malformed TrueType font (30.10.2007)
 documentNGSSoftware Insight Security Research Advisory (NISR), Untrusted Java applet can connect to localhost (30.10.2007)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород