|
SecuriteamWelcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web sítio, network and codifica security auditoria and scanning needs.
It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase. Insecure permissões corta been detected dentro the múltiplo Kaspersky Laboratório antivirus products. Piwik unserializes () user input which allows an attacker to send a carefully crafted cookie that when unserialized utilizes Piwik' s classes to upload arbitrary files or execute arbitrary PHP code. Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a php file residing on the target system. Autorisation is not required. The SQL injection vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful sql attack vector difficult. Nevertheless a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk depending on permissions granted to the db account that is used by the forum. The U.s. Defense Information Systems Agency (DISA) publishes Security Readiness Review scripts (SRRs) to ensure systems and software meet security baselines required by the Department of Defense. Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run. Milw0rmmilw0rm.com ' s latest proeza rss feed
|
Vulnerability httpdx v1.5.3
Program : Httpdx v1.5.3 PoC : Remote Break Serviços Homepage : http://sourceforge.net/projects/httpdx/ Found by : Jonathan Salwan This Advisory : Jonathan Salwan Contacto : j.salwan@sysdream.com Kaspersky Anti-Virus 2010 <>
Program : Kaspersky Anti-Virus 2010 de 9.0.0.46 3 Homepage : http://www.kaspersky.com Discovery : 2009/09/29 Author Contacted: 2009/10/01 Patch Updated : 2009/11/16 Found by : Heurs This Advisory : Heurs Contacto : s.leberre@sysdream.com GMER =< 1="">
//----- Advisory Program : GMER 1.0.15.150 87 Homepage : http://www.gmer.net Discovery : 2009/07/28 Author Contacted: 2009/09/28 Author Response : 2009/09/28 Patch Updated : 2009/10/05 Found by : Heurs This Advisory : Heurs Contacto : s.leberre@sysdream.com Sala Privilégio Escalation dentro Avast!
//----- Advisory Program : avast! 4.8.1335 profissional Homepage : http://www.avast.com Discovery : 2009/07/29 Author Contacted: 2009/07/31 Found by : Heurs This Advisory : Heurs Contacto : heurs@ghostsinthstack.org, s.leberre@sysdream.com Phorum: Membro permanente Cross-Site Scripting Vulnerabilities
//----- Advisory Program : Phorum 5.2.11 Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted: 2009/07/17 Found by : crashfr em sysdream dote COM This Advisory : crashfr em sysdream dote COM NPDS: Serveral Vulnerabilities
//----- Advisory "software" : NPDS Homepage : http://www.npds.org/ Tested versão : < 08.06 Found by : Jean-François LECLERC This advisory : nosp em sysdream dote COM Discovery data : 2008/04/24 Vendor notified : 2008/04/25 Linksys IP Phone SPA942: Denial Fora Serviço
//----- Advisory Hardware : Linksys IP Phone SPA942 Homepage : http://www.linksys.com/ Tested versão : 5.1.5 Found by : crashfr em sysdream dote COM This advisory : crashfr em sysdream dote COM Discovery data : 2007/03/19 Vendor notified : 2007/03/20 GNU gv: Stack Overflow Vulnerability
//----- Advisory Program : GNU gv Homepage : http://www.gnu.org/software/gv/ Tested versão : 3.6.2 Found by : r.lifchitz em sysdream dote COM This advisory : r.lifchitz em sysdream dote COM Discovery data : 2006/11/06 Vendor notified : 2006/11/09 Symantec corporate antivirus: escalation privilege vulnerability
//----- Advisory Program : Symantec Corporate Antivirus - 10.1 Homepage : http://www.symantec.com/ Discovery : 2006/07/11 Author Contacted : 2006/07/18 Found by : ali em sysdream dote COM This Advisory : ali em sysdream dote COM Stonevoice Aplicação Sequência v 2.2: Several vulnerabilities
//----- Advisory Program : Stonevoice Aplicação Sequência - Verme. 2.2 (build #9) Homepage : http://www.stonevoice.com/ Discovery : 2006/06/17 Author Contacted : 2006/07/17 Found by : crashfr em sysdream dote COM This Advisory : ali em sysdream dote COM |
Advisories Segurança Informática
Imprensa Segurança Informática
US-CERTNational Vulnerability DatabaseThis feed contains the most recent fully analyzed CVE cyber vulnerabilities published within the National Vulnerability Database.
The FTP proxy server in Apple AirPort Express, AirPort Extreme, and Time Capsule with firmware 7.5 does not restrict the IP address and port specified in a PORT command from a client, which allows remote attackers to leverage intranet FTP servers for arbitrary TCP forwarding via a crafted PORT command. Protecção overflow dentro qoslist dentro bos.net.tc p.server dentro IBM AIX 6.1 and VIOS 2.1 allows local users to lucro privilégios via unspecified vectors. Protecção overflow dentro qosmod dentro bos.net.tc p.server dentro IBM AIX 6.1 and VIOS 2.1 allows local users to lucro privilégios via unspecified vectors. Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter. Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6,6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010. The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document. Buffer overflow in Microsoft Windows Movie Maker 2.1,2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka “Movie Maker and Producer Buffer Overflow Vulnerability.” Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Microsoft Office Excel DbOrParamQry Recorde Parsing Vulnerability.” Microsoft Office Excel 2007 SP1 and SP2; Serviço 2008 de for Mac; Abertos XML Fila Formato Converter for Mac; Office Excel Viewer SP1 and SP2; Serviço Compatibility Pack for Word, Excel, and PowerPoint 2007 de Fila Formatos SP1 and SP2; and Serviço SharePoint Server 2007 SP1 and SP2 do not validate ZIP headers during descompressão fora Aberto XML (.XLSX) documentos, which allows remote attackers to execução arbitrary codifica via a crafted documento that triggers acesso to uninitialized memory alugueres, aka “Microso… Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka “Microsoft Office Excel FNGROUPNAME Recorde Uninitialized Memory Vulnerability.” |
| 2008 - 2009 de © Sysdream - N° de aprovação 11930594993 - Menções Legais - CGV | Acolhimento | Produtos & Serviços | Imprensa | Contacto |
