 |
|
|
|
Межсайтовый скриптинг в CA Service Desk
дополнено с 30 сентября 2008 г. | | Опубликовано: |  | 30 сентября 2008 г. | | Источник: |  | BUGTRAQ | | SecurityVulns ID: |  | 9314 | | Тип: |  | удаленная | | Опасность: |  | 5/10 | | Описание: |  | Многочисленные возможности межсайтового скриптинга. |
| Переполнение буфера в ActiveX Novell ZenWorks | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9322 | | Тип: | | клиент | | Опасность: | | 6/10 | | Описание: | | Переполнение буфера в методе CanUninstall |
| Переполнение буфера в MPlayer | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9319 | | Тип: | | клиент | | Опасность: | | 6/10 | | Описание: | | Три целочисленных переполнения, приводящих к переполнению буфера при разборе видеофайлов. |
| Затронутые продукты: |  | MPLAYER : MPlayer 1.0 | | CVE: |  | CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.) |
| Несанкционированный доступ к файлам в HP Insight Diagnostics | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9323 | | Тип: | | удаленная | | Опасность: | | 6/10 |
| Несанкционированный доступ к Linksys WRT350N | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9315 | | Тип: | | удаленная | | Опасность: | | 5/10 | | Описание: | | Используется старая версия Samba, имеется учетная запись по умолчанию и неотключаемая гостевая запись. |
| Переполнение буфера в DATAC RealWin | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9316 | | Тип: | | удаленная | | Опасность: | | 5/10 | | Описание: | | Переполнение буфера при чтении сетевого пакета в порт TCP/910 |
| Ежедневная сводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl) | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | | | SecurityVulns ID: | | 9320 | | Тип: | | удаленная | | Опасность: | | 5/10 | | Описание: | | Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д. |
| Оригинальный текст |  | Ghost hacker, ASP News Remote Password Disclouse Vulnerability (30.09.2008) |
| | | Ghost hacker, csphonebook 1.02 Remote XSS Vulnerabilitiy (30.09.2008) |
| | | Ghost hacker, shoutbox Remote Password Disclouse Vulnerability (30.09.2008) |
| | | Ghost hacker, hyBook Remote Password Disclouse Vulnerability (30.09.2008) |
| | | Ghost hacker, Login Password Sample Remote Password Disclouse Vulnerability (30.09.2008) |
| | | tan_prathan_(at)_hotmail.com, PHP Calendar Script Remote XSS (Permanent) Vulnerabilities (30.09.2008) |
| | | admin_(at)_bugreport.ir, ParsaWeb CMS SQL Injection (30.09.2008) |
| | | biglowbird_(at)_googlemail.com, FtitzBox (30.09.2008) |
| | | Pepelux, Crux Gallery <= 1.32 / Insecure Cookie Handling Vulnerability (30.09.2008) |
| | | Pepelux, The Gemini Portal <= 4.7 / Insecure Cookie Handling Vulnerability (30.09.2008) |
| | | Guns_(at)_0x90.com.ar, RPG.Board <= 0.0.8Beta2 Remote SQL Injection (30.09.2008) |
Многочисленные уязвимости в Mozilla Firefox / Thunderbird / Seamonkey
дополнено с 29 сентября 2008 г. | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9310 | | Тип: | | клиент | | Опасность: | | 7/10 | | Описание: | | Повреждение памяти, повышение привилегий, межсайтовый скриптинг, DoS-атаки, переполнение буфера. |
| Затронутые продукты: | | MOZILLA : Firefox 2.0 | | | | MOZILLA : Thunderbird 2.0 | | | | MOZILLA : SeaMonkey 1.1 | | | | MOZILLA : Firefox 3.0 | | CVE: | | CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long header in a news article, related to "canceling [a] newsgroup message" and "cancelled newsgroup messages.") | | | | CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to read uninitialized memory, and possibly obtain sensitive information in opportunistic circumstances, via a crafted XBM image file.) | | | | CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass "restrictions imposed on local HTML files," and obtain sensitive information and prompt users to write this information into a file, via directory traversal sequences in a resource: URI.) | | | | CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 on Linux allows remote attackers to read arbitrary files via a .. (dot dot) and URL-encoded / (slash) characters in a resource: URI.) | | | | CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav�ascript" sequence, aka "HTML escaped low surrogates bug.") | | | | CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via byte order mark (BOM) characters that are removed from JavaScript code before execution, aka "Stripped BOM characters bug.") | | | | CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the JavaScript engine and (1) misinterpretation of the characteristics of Namespace and QName in jsxml.c, (2) misuse of signed integers in the nsEscapeCount function in nsEscape.cpp, and (3) interaction of JavaScript garbage collection with certain use of an NPObject in the nsNPObjWrapper::GetNewOrUsed function in nsJSNPRuntime.cpp.) | | | | CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via an mtd element with a large integer value in the rowspan attribute, related to the layout engine.) | | | | CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allow remote attackers to create documents that lack script-handling objects, and execute arbitrary code with chrome privileges, via vectors related to (1) the document.loadBindingDocument function and (2) XSLT.) | | | | CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to a SCRIPT element.) | | | | CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to "pollute XPCNativeWrappers" and execute arbitrary code with chrome privileges via vectors related to (1) chrome XBL and (2) chrome JS.) | | | | CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey before 1.1.12, allow user-assisted remote attackers to move a window during a mouse click, and possibly force a file download or unspecified other drag-and-drop action, via a crafted onmousedown action that calls window.moveBy, a variant of CVE-2003-0823.) | | | | CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers to execute scripts with chrome privileges via vectors related to feed preview and the (1) elem.doCommand, (2) elem.dispatchEvent, (3) _setTitleText, (4) _setTitleImage, and (5) _initSubscriptionUI functions.) | | | | CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox before 2.0.0.17, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code via unknown vectors.) | | | | CVE-2008-0016 |
| Оригинальный текст | | Aditya K Sood, Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. (30.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-37 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-38 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-39 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-40 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-41 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-42 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-43 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-44 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-45 (29.09.2008) |
| | | MOZILLA, Mozilla Foundation Security Advisory 2008-46 (29.09.2008) |
| DoS против Checkpoint ZoneAlarm | | Опубликовано: | | 30 сентября 2008 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9321 | | Тип: | | удаленная | | Опасность: | | 6/10 | | Описание: | | DoS при анализе HTTP-трафика. |
Проблема небезопасного fgets() во многих FTP-сервера.
дополнено с 30 сентября 2008 г. | | Опубликовано: | | 11 января 2009 г. | | Источник: | | BUGTRAQ | | SecurityVulns ID: | | 9317 | | Тип: | | удаленная | | Опасность: | | 5/10 | | Описание: | | Возможно внедрить дополнительные команды в URL. |
| Затронутые продукты: | | FREEBSD : FreeBSD 7.0 | | | | NETBSD : NetBSD 4.0 | | | | OPENBSD : OpenBSD 4.3 | | CVE: | | CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.) |
DoS против браузеров Google Chrome Mozilla Firefox, Opera, Internet Explorer
дополнено с 30 сентября 2008 г. | | Опубликовано: | | 12 февраля 2009 г. | | Источник: | | | | SecurityVulns ID: | | 9318 | | Тип: | | клиент | | Опасность: | | 5/10 | | Описание: | | Вызов в цикле функции window.print() приводит к зависанию браузера. Неконтролируемое выделение памяти. Возможность закрытия окна без подтверждения пользователем. |
| Оригинальный текст | | MustLive, DoS vulnerability in Internet Explorer 7 (12.02.2009) |
| | | MustLive, DoS vulnerability in Mozilla, Opera and Google Chrome (01.11.2008) |
| | | MustLive, DoS vulnerability in Firefox, Internet Explorer and Google Chrome (01.11.2008) |
| | | Aditya K Sood, Google Chrome OnbeforeUload and OnUnload Null Check Vulnerability. (26.10.2008) |
| | | MustLive, DoS vulnerabilities in Mozilla, Internet Explorer, Google Chrome and Opera (24.10.2008) |
| | | MustLive, DoS vulnerability in Internet Explorer (01.10.2008) |
| | | UniquE_(at)_UniquE-Key.Org, MS Internet Explorer 7 Denial Of Service Exploit (30.09.2008) |
| | | Aditya K Sood, Advisory: Google Chrome Window Object Suppressing Remote Denial of Service. (30.09.2008) |
| | | Aditya K Sood, Advisory : Opera Window Object Suppressing Remote Denial of Service (30.09.2008) |
| | | Aditya K Sood, Advisory: Mozilla Firefox User Interface Null Pointer Dereference Dispatcher Crash and Remote Denial of Service. (30.09.2008) |
| | | MustLive, DoS vulnerability in Google Chrome (30.09.2008) |
| | | MustLive, DoS vulnerability in Opera (30.09.2008) |
| | | MustLive, DoS vulnerability in Firefox (30.09.2008) |
|
|
|
|
|
|
|
|
