In the Press
SecuriTeam: Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your website, network and code security auditing and scanning needs.
It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.
Insecure permissions have been detected in multiple Kaspersky Lab antivirus products.
Piwik calls unserialize() on user input, which allows an attacker to send a carefully crafted cookie that, when unserialized, uses Piwik's classes to upload arbitrary files or execute arbitrary PHP code.
Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a PHP file residing on the target system. Authorization is not required.
The SQL injection vulnerability is somewhat tricky to exploit, as there are quite a few restrictions that make creating a successful SQL attack vector difficult. Nevertheless, a crafty attacker might issue a series of requests that could allow him to gain some information about the target system, or even read files from the disk, depending on the permissions granted to the database account used by the forum.
The U.S. Defense Information Systems Agency (DISA) publishes Security Readiness Review scripts (SRRs) to ensure systems and software meet the security baselines required by the Department of Defense. Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run.
Milw0rm: milw0rm.com's latest exploit RSS feed
Kaspersky Antivirus 2010
//----- Advisory
Program : Kaspersky Antivirus 2010 9.0.0.463
Homepage : http://www.kaspersky.com
Discovery : 2009/09/29
Author Contacted : 2009/10/01
Patch Updated : 2009/11/16
Found by : Heurs
This Advisory : Heurs
Contact : s.leberre@sysdream.com

GMER =< 1
//----- Advisory
Program : GMER 1.0.15.15087
Homepage : http://www.gmer.net
Discovery : 2009/07/28
Author Contacted : 2009/09/28
Author Response : 2009/09/28
Patch Updated : 2009/10/05
Found by : Heurs
This Advisory : Heurs
Contact : s.leberre@sysdream.com

Local Privilege Escalation in avast!
//----- Advisory
Program : avast! 4.8.1335 Professional
Homepage : http://www.avast.com
Discovery : 2009/07/29
Author Contacted : 2009/07/31
Found by : Heurs
This Advisory : Heurs
Contact : heurs@ghostsinthstack.org, s.leberre@sysdream.com

Phorum: Persistent Cross-Site Scripting Vulnerabilities
//----- Advisory
Program : Phorum 5.2.11
Homepage : http://www.phorum.org/
Discovery : 2009/07/16
Author Contacted : 2009/07/17
Found by : crashfr AT sysdream dot COM
This Advisory : crashfr AT sysdream dot COM

NPDS: Several Vulnerabilities
//----- Advisory
Program : NPDS
Homepage : http://www.npds.org/
Tested version : < 08.06
Found by : Jean-François LECLERC
This advisory : nosp AT sysdream dot COM
Discovery date : 2008/04/24
Vendor notified : 2008/04/25

Linksys IP Phone SPA942: Denial of Service
//----- Advisory
Hardware : Linksys IP Phone SPA942
Homepage : http://www.linksys.com/
Tested version : 5.1.5
Found by : crashfr AT sysdream dot COM
This advisory : crashfr AT sysdream dot COM
Discovery date : 2007/03/19
Vendor notified : 2007/03/20

GNU gv: Stack Overflow Vulnerability
//----- Advisory
Program : GNU gv
Homepage : http://www.gnu.org/software/gv/
Tested version : 3.6.2
Found by : r.lifchitz AT sysdream dot COM
This advisory : r.lifchitz AT sysdream dot COM
Discovery date : 2006/11/06
Vendor notified : 2006/11/09

Symantec Corporate Antivirus: Privilege Escalation Vulnerability
//----- Advisory
Program : Symantec Corporate Antivirus - 10.1
Homepage : http://www.symantec.com/
Discovery : 2006/07/11
Author Contacted : 2006/07/18
Found by : ali AT sysdream dot COM
This Advisory : ali AT sysdream dot COM

Stonevoice Application Suite v2.2: Several Vulnerabilities
//----- Advisory
Program : Stonevoice Application Suite - v. 2.2 (build #9)
Homepage : http://www.stonevoice.com/
Discovery : 2006/06/17
Author Contacted : 2006/07/17
Found by : crashfr AT sysdream dot COM
This Advisory : ali AT sysdream dot COM

Camino Browser: Denial of Service
//----- Advisory
Program : Camino Browser
Homepage : http://www.caminobrowser.org
Tested version :
IT Security Advisories
IT Security News
US-CERT National Vulnerability Database: This feed contains the most recent fully analyzed CVE cyber vulnerabilities published within the National Vulnerability Database.
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command.
Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors.
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010.
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during decompression of Open XML (.XLSX) documents, which allows remote attackers to execute arbitrary code via a crafted document that triggers access to uninitialized memory locations, aka a "Microso…
Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
© 2008 - 2009 Sysdream - Authorisation No. 11930594993 - Legal Notice - Terms of Sale