Information Security


Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: January 30, 2007
Source:
SecurityVulns ID: 7129
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, information leaks, etc.
Affected products: DRUPAL : Drupal 4.7
 PHORUM : Phorum 5.1
 MDPRO : MDPro 1.0
 ENCAPSCMS : EncapsCMS 0.3
 SCRIPTSEZ : Random PHP Quote 1.0
 LEDGERSMB : LedgerSMB 1.1
 DRUPAL : Drupal 5.1
 GNOPASTE : gnopaste 0.5
 ATSPHP : Atsphp 5.0
 GALERIAZDJEC : Galeria Zdjec 3.0
 PHPFOOTBALL : PHPFootball 1.6
 ECLECTICDESIGNS : CascadianFAQ 4.1
 MYNEWS : MyNews 4.2
 HTTPCOMMANDER : HTTP Commander 6.0
 HORDE : Horde Groupware Webmail Edition 1.0
 HORDE : Horde Groupware 1.0
 VIVVO : Vivvo Article Management 3.40
 INTER7 : vHostAdmin 1.0
 MAKLERPLUS : MaklerPlus 1.1
CVE: CVE-2007-2014 (PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633.)
 CVE-2007-0862 (** DISPUTED ** PHP remote file inclusion vulnerability in index.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via the GNP_REAL_PATH parameter. NOTE: CVE and a third party dispute this issue, since GNP_REAL_PATH is a constant, not a variable.)
 CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php.)
 CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters.)
 CVE-2007-0769 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly.")
 CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.)
 CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter, a different vector than CVE-2007-0631. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.)
 CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.)
 CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.)
 CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.)
 CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.)
 CVE-2007-0633 (PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.)
 CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs CascadianFAQ 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.)
 CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form validation routines.")
 CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the full path via a ' (quote) character, and possibly other invalid values, in the uname parameter in a userinfo operation.)
 CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows remote attackers to execute arbitrary SQL commands via the startrow parameter.)
 CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php in PhP Generic Library & Framework for comm (g-neric) allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.)
 CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware Webmail Edition before 1.0, and Groupware before 1.0, allows remote attackers to include certain files via unspecified vectors. NOTE: some of these details are obtained from third party information.)
 CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login page (admin/login.asp) in ASPCode.net AdMentor allow remote attackers to execute arbitrary SQL commands via the (1) Userid and (2) Password fields.)
 CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.40 allows remote attackers to execute arbitrary SQL commands via the wcHeadlines parameter, a different vector than CVE-2006-4715. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in Inter7 vHostAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the MODULES_DIR parameter.)
 CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.)
 CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain encoded passwords via a direct request for pwd.txt.)
 CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain password information via a direct request for pwd.txt.)
 CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.)
 CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original text: x0r0n_(at)_hotmail.com, phpBB2 MODificat (phpbb_root_path) Remote File Include Exploit (30.01.2007)
 GolD_M, MyNews 4.2.2 <= Remote File Include Vulnerability (30.01.2007)
 ajannhwt_(at)_hotmail.com, CascadianFAQ <= 4.1 (index.php) Remote Blind SQL Injection Vulnerability (30.01.2007)
 ajannhwt_(at)_hotmail.com, PHPFootball 1.6 (show.php) Remote Database Disclosure Vulnerability (30.01.2007)
 trzindan_(at)_hotmail.fr, EncapsCMS 0.3.6 (common_foot.php) Remote File Include (30.01.2007)
 trzindan_(at)_hotmail.fr, gnopaste <= 0.5.3 (index.php) Remote File Include Vulnerability (30.01.2007)
 sn0oPy.team_(at)_gmail.com, AdMentor (banners) admin SQL injection (30.01.2007)
 Chris Travers, Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects (30.01.2007)
 Uwe Hermann, [DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue (30.01.2007)
 sn0oPy.team_(at)_gmail.com, RBL - ASP (scripts with db) SQL injection (30.01.2007)
 adexior_(at)_gmail.com, MDPro 1.0.76 - Multiple Remote Vulnerabilities (30.01.2007)
 Hackers Center Security Group, Phorum HTML Injection Vulnerability (30.01.2007)
Files: PhP Generic library & framework (include_path) Remote File Include Exploit
 Galeria Zdjec <= v3.0 (zd_numer.php) Local File Include Exploit

VTP DoS against Cisco Catalyst switches
updated since January 28, 2007
Published: January 30, 2007
Source:
SecurityVulns ID: 7117
Type: remote
Severity: 5/10
Description: Router reboot on a malformed VTP (VLAN Trunking Protocol) Subset-Advert message.
CVE: CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to execute arbitrary code via a long VLAN name in a VTP type 2 summary advertisement.)
 CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.)
 CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.)
 CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776.)
Original text: CISCO, Re: [Full-disclosure] S21sec-034-en: Cisco VTP DoS vulnerability (30.01.2007)
 labs_(at)_s21sec.com, S21sec-034-en: Cisco VTP DoS vulnerability (28.01.2007)

Another batch of Oracle bugs (multiple bugs)
Published: January 30, 2007
Source:
SecurityVulns ID: 7130
Type: remote
Severity: 6/10
Description: Multiple ways to escalate privileges. Bypass of Virtual Private Database protection.
Affected products: ORACLE : Oracle 10g
Original text: David Litchfield, Oracle - Indirect Privilege Escalation and Defeating Virtual Private Databases (30.01.2007)
Files: Defeating Virtual Private Databases (a chapter from the Oracle Hacker’s Handbook, David Litchfield, published by Wiley)
 Indirect Privilege Escalation (a chapter from the Oracle Hacker’s Handbook, David Litchfield, published by Wiley)

Memory corruption in Microsoft Agent (memory corruption)
updated since November 14, 2006
Published: January 30, 2007
Source:
SecurityVulns ID: 6826
Type: client
Severity: 7/10
Description: Memory corruption when parsing .ACF files.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Microsoft XML Core Services 6.0
 MICROSOFT : Microsoft XML Core Services 4.0
CVE: CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.)
Original text: Coseinc, COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched) (30.01.2007)
 MICROSOFT, Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) (14.11.2006)
Files: Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod