Information Security


Privilege escalation via DBus-GLib / NetworkManager / ModemManager in Linux
Published: May 30, 2011
Source:
SecurityVulns ID: 11699
Type: library
Severity: 5/10
Description: Access flags of the exported object are not checked.
Affected products: DBUS : libdbus-glib 1.84
CVE: CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject properties, which allows local users to bypass intended access restrictions and possibly cause a denial of service by modifying properties, as demonstrated by properties of the (1) DeviceKit-Power, (2) NetworkManager, and (3) ModemManager services.)
Original text: UBUNTU, [USN-1138-2] NetworkManager and ModemManager update (30.05.2011)
 UBUNTU, [USN-1138-1] DBus-GLib vulnerability (30.05.2011)

DoS against the ISC bind named DNS server
Published: May 30, 2011
Source:
SecurityVulns ID: 11701
Type: remote
Severity: 7/10
Description: A large RRSIG in a negative response triggers an assert()
Affected products: ISC : bind 9.6
 ISC : bind 9.7
 BIND : bind 9.8
CVE: CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x before 9.8.0-P2, 9.4-ESV before 9.4-ESV-R4-P1, and 9.6-ESV before 9.6-ESV-R4-P1 allows remote DNS servers to cause a denial of service (assertion failure and daemon exit) via a negative response containing large RRSIG RRsets.)
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-11:02.bind (30.05.2011)

DoS against the Unbound DNS server
Published: May 30, 2011
Source:
SecurityVulns ID: 11702
Type: remote
Severity: 5/10
Description: DoS against a DNSSEC-signed zone.
Affected products: UNBOUND : unbound 1.4
CVE: CVE-2009-4008 (Unbound before 1.4.4 does not send responses for signed zones after mishandling an unspecified query, which allows remote attackers to cause a denial of service (DNSSEC outage) via a crafted query.)
Original text: DEBIAN, [SECURITY] [DSA 2243-1] unbound security update (30.05.2011)

Multiple security vulnerabilities in Google Chrome
Published: May 30, 2011
Source:
SecurityVulns ID: 11703
Type: remote
Severity: 6/10
Description: Memory corruption, transient privilege escalation conditions, DoS.
Affected products: GOOGLE : chrome 11.0
CVE: CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of variables during interaction with the WebKit engine, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.)
 CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google Chrome before 11.0.696.57 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the ruby element and Cascading Style Sheets (CSS) token sequences.)
 CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
 CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation in Google Chrome before 10.0.648.204 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.)
Original text: DEBIAN, 2245 (30.05.2011)

Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)
Updated since May 30, 2011
Published: June 2, 2011
Source:
SecurityVulns ID: 11698
Type: remote
Severity: 5/10
Description: PHP injections, SQL injections, directory traversal, cross-site scripting, file modification, information leaks, etc.
Affected products: APACHE : Archiva 1.3
 APACHE : Archiva 1.4
 MAHARA : mahara 1.3
CVE: CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for DKIM identities to apply to lookup items, instead of only strings, which allows remote attackers to execute arbitrary code or access a filesystem via a crafted identity.)
 CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.)
 CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses.)
 CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.)
 CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php, (7) artefact/blog/posts.json.php, or (8) blocktype/myfriends/myfriends.json.php, related to incorrect privilege enforcement, a missing user id check, and incorrect enforcement of the Overriding Start/Stop Dates setting.)
 CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
 CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators.)
Original text: WalikarRiyazAD_(at)_microland.com, [CVE-2011-1077] Apache Archiva Multiple XSS vulnerabilities (02.06.2011)
 WalikarRiyazAD_(at)_microland.com, [CVE-2011-1026] Apache Archiva Multiple CSRF vulnerabilities (02.06.2011)
 DEBIAN, [SECURITY] [DSA 2246-1] mahara security update (30.05.2011)
 APACHE, [SECURITY] CVE-2011-1026: Apache Archiva Multiple CSRF vulnerability (30.05.2011)
 APACHE, [SECURITY] CVE-2011-1077: Apache Archiva Multiple XSS vulnerability (30.05.2011)

Security vulnerabilities in the ZTE Callisto 821+ ADSL router
Updated since May 30, 2011
Published: October 25, 2015
Source:
SecurityVulns ID: 11700
Type: remote
Description: Cross-site scripting, request forgery.
Affected products: ZTE : Callisto 821+
Original text: MustLive, CSRF vulnerabilities in Callisto 821+R3 ADSL Router (25.10.2015)
 MustLive, Vulnerabilities in Callisto 821+R3 ADSL Router (25.10.2015)
 MustLive, Vulnerabilities in Callisto 821+R3 ADSL Router (25.10.2015)
 MustLive, Multiple DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (01.08.2011)
 MustLive, Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (26.07.2011)
 MustLive, Multiple CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (18.07.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (27.06.2011)
 MustLive, New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (27.06.2011)
 MustLive, New DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (23.06.2011)
 MustLive, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (23.06.2011)
 MustLive, DoS, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (17.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (17.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (15.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (15.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (10.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (08.06.2011)
 MustLive, New vulnerabilities in ADSL modem Callisto 821+ (07.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (03.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (03.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (02.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (02.06.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (02.06.2011)
 MustLive, CSRF vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)
 MustLive, New CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)
 MustLive, CSRF and XSS vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)
 MustLive, Vulnerabilities in ADSL modem Callisto 821+ (30.05.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod