Information Security


DoS against AOL software
Published: March 30, 2007
Source:
SecurityVulns ID: 7509
Type: remote
Severity: 5/10
Affected products: AOL : AOL 9.0
CVE: CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in AOL 9.0 before February 2007 allows remote attackers to cause a denial of service (browser crash) via unknown vectors.)
Original text: Justin Seitz, AOL 9.0 Deskbar.dll/Toolbar.dll DoS Vulnerability (30.03.2007)

Code execution via ActiveX in IBM Lotus Sametime (code execution)
Published: March 30, 2007
Source:
SecurityVulns ID: 7510
Type: remote
Severity: 5/10
Description: The LoadLibrary function is accessible through an ActiveX control.
Affected products: IBM : Lotus Sametime 3.1
CVE: CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function.)
Original text: IDEFENSE, iDefense Security Advisory 03.29.07: IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability (30.03.2007)

Daily summary of web application bugs (PHP, ASP, JSP, CGI, Perl)
Published: March 30, 2007
Source:
SecurityVulns ID: 7511
Type: remote
Severity: 5/10
Description: PHP injection, SQL injection, directory traversal, cross-site scripting, information disclosure, etc.
Affected products: SOFTERRA : Time-Assistant 6.2
CVE: CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.)
 CVE-2007-1963 (SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.)
 CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS.")
 CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local arbitrary files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS.")
 CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS.")
 CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter.)
Original text: erdc_(at)_echo.or.id, [ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability (30.03.2007)
 HACKERS PAL, DrakeCMS multiple vulerabilities (30.03.2007)
 HACKERS PAL, Mybb Change Password Vulnerability (30.03.2007)

Privilege escalation via lsmcode in AIX (privilege escalation)
Updated since May 30, 2006
Published: March 30, 2007
Source:
SecurityVulns ID: 6201
Type: local
Severity: 5/10
Description: An application configured through a user environment variable is executed.
Affected products: IBM : AIX 5.1
 IBM : AIX 5.2
 IBM : AIX 5.3
Original text: pr1nce_empire_(at)_yahoo.com, AIX 4.3 lsmcode local root command execution (30.03.2007)
 SECUNIA, [SA20325] AIX lsmcode Unspecified Privilege Escalation Vulnerability (30.05.2006)

Animated cursor problems in Microsoft Windows
Updated since March 30, 2007
Published: April 4, 2007
Source:
SecurityVulns ID: 7508
Type: client
Severity: 10/10
Description: A stack buffer overflow is used for the silent installation of malicious code.
Affected products: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE: CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.)
 CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.)
 CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.)
Original text: CERT, US-CERT Technical Cyber Security Alert TA07-093A -- Microsoft Update for Windows Animated Cursor Vulnerability (04.04.2007)
 jamikazu_(at)_gmail.com, Windows XP/Vista (.ANI) Remote Exploit (bypass eeye patch) (03.04.2007)
 Gadi Evron, More information on ZERT patch for ANI 0day (03.04.2007)
 CERT, US-CERT Technical Cyber Security Alert TA07-089A -- Microsoft Windows ANI header stack buffer overflow (31.03.2007)
 MICROSOFT, Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling (30.03.2007)
 EEYE, [Full-disclosure] ANI Zeroday, Third Party Patch (30.03.2007)
 Alexander Sotirov, 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038) (30.03.2007)
Files: Exploits Windows .ANI LoadAniIcon Stack Overflow
 Exploits Windows .ANI LoadAniIcon Stack Overflow
 Windows ANI LoadAniIcon() Chunk Size Stack Overflow (SMTP)
 Windows ANI LoadAniIcon() Chunk Size Stack Overflow (HTTP)
 Windows Animated Cursor Handling Exploit (0day) (Version3)
 Microsoft ANI Buffer Overflow Exploit Web Download Code Execution Exploit
 Microsoft Windows multiple GDI vulnerabilities
 Microsoft Security Advisory (935423) Vulnerability in Windows Animated Cursor Handling

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod