From sec-adv at secunia.com Mon Aug 2 10:28:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 2 Aug 2010 19:28:37 +0200 Subject: [SEC] [SA40800] 32bit FTP Directory Download Directory Traversal Vulnerability Message-ID: <201008021728.o72HSbiB031775@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: 32bit FTP Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40800 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40800/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40800 RELEASE DATE: 2010-08-02 DISCUSS ADVISORY: http://secunia.com/advisories/40800/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40800/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40800 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in 32bit FTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 10.08.01. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_32bit_ftp_client.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 11:27:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 2 Aug 2010 20:27:22 +0200 Subject: [SEC] [SA40818] SigPlus Pro ActiveX Control "LCDWriteString()" Method Buffer Overflow Message-ID: <201008021827.o72IRMDW021857@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: SigPlus Pro ActiveX Control "LCDWriteString()" Method Buffer Overflow SECUNIA ADVISORY ID: SA40818 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40818/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40818 RELEASE DATE: 2010-08-02 DISCUSS ADVISORY: http://secunia.com/advisories/40818/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40818/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40818 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: mr_me has discovered a vulnerability in SigPlus Pro ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in SigPlus.ocx when handling the "HexString" argument passed to the "LCDWriteString()" method and can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.74. Other versions may also be affected. SOLUTION: Update to version 3.95. PROVIDED AND/OR DISCOVERED BY: mr_me ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14514/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 12:27:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 2 Aug 2010 21:27:44 +0200 Subject: [SEC] [SA40831] Joomla! Spielothek Component Multiple SQL Injection Vulnerabilities Message-ID: <201008021927.o72JRivK012010@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Joomla! Spielothek Component Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40831 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40831/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40831 RELEASE DATE: 2010-08-02 DISCUSS ADVISORY: http://secunia.com/advisories/40831/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40831/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40831 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered some vulnerabilities in the Spielothek component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "bid" parameter to index.php (when "option" is set to "com_spielothek" and "task" is set to "savebattle") is not properly sanitised before being used in SQL queries in models/battle.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "bid" parameter to index.php (when "option" is set to "com_spielothek", "view" is set to "battle", and "wtbattle" is set to "play") is not properly sanitised before being used in SQL queries in views/battle/view.html.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via the "loeschen" parameter to index.php (when "option" is set to "com_spielothek", "view" is set to "battle", "wtbattle" is set to "ddbdelete", and "dbtable" is set to "vS") is not properly sanitised before being used in SQL queries in models/battle.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.6.9. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/Spielothek_1.6.9_Joomla_Component_Multiple_Blind_SQL_Injection-31072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 13:30:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 2 Aug 2010 22:30:19 +0200 Subject: [SEC] [SA40802] FTP Commander Directory Download Directory Traversal Vulnerability Message-ID: <201008022030.o72KUJPv002224@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: FTP Commander Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40802 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40802/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40802 RELEASE DATE: 2010-08-02 DISCUSS ADVISORY: http://secunia.com/advisories/40802/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40802/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40802 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTP Commander, FTP Commander Pro, and FTP Commander Deluxe, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in FTP Commander and FTP Commander Pro version 8.02 and FTP Commander Deluxe version 9.2. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_ftp_commander.html http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_ftp_commander_pro.html http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_ftp_commander_deluxe.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 14:22:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 2 Aug 2010 23:22:40 +0200 Subject: [SEC] [SA40786] BarCodeWiz Barcode "LoadProperties()" Buffer Overflow Vulnerability Message-ID: <201008022122.o72LMeNa024468@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: BarCodeWiz Barcode "LoadProperties()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40786 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40786/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40786 RELEASE DATE: 2010-08-02 DISCUSS ADVISORY: http://secunia.com/advisories/40786/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40786/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40786 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the BarCodeWiz Barcode ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in BarcodeWiz.dll when handling arguments passed to the "LoadProperties()" method. This can be exploited to cause a stack-based buffer overflow via an overly long string passed as argument. Successful exploitation allows execution of arbitrary code when a user visits a malicious website. The vulnerability is confirmed in version 3.29. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: loneferret ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14504/ http://www.exploit-db.com/exploits/14505/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 14:42:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 2 Aug 2010 23:42:19 +0200 Subject: [SEC] [SA40815] Xion Audio Player Playlist File Parsing Buffer Overflow Message-ID: <201008022142.o72LgJMv012809@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Xion Audio Player Playlist File Parsing Buffer Overflow SECUNIA ADVISORY ID: SA40815 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40815/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40815 RELEASE DATE: 2010-08-02 DISCUSS ADVISORY: http://secunia.com/advisories/40815/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40815/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40815 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Xion Audio Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in DefaultPlaylist.dll when parsing file names in playlists. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening e.g. a specially crafted M3U playlist file. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 1.0 build 125. Other versions may also be affected. SOLUTION: Do not open untrusted playlists. PROVIDED AND/OR DISCOVERED BY: hadji samir Additional details provided by Secunia Research. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14517/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 15:00:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 00:00:41 +0200 Subject: [SEC] [SA40799] Debian update for libmikmod Message-ID: <201008022200.o72M0fpB001104@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for libmikmod SECUNIA ADVISORY ID: SA40799 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40799/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40799 RELEASE DATE: 2010-08-02 DISCUSS ADVISORY: http://secunia.com/advisories/40799/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40799/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40799 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for libmikmod. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA37775 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2081-1: http://lists.debian.org/debian-security-announce/2010/msg00126.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 15:25:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 00:25:09 +0200 Subject: [SEC] [SA40822] Red Hat update for freetype Message-ID: <201008022225.o72MP9K1022110@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for freetype SECUNIA ADVISORY ID: SA40822 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40822 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40822/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40822/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40822 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40586 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0578-1: http://rhn.redhat.com/errata/RHSA-2010-0578.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 15:46:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 00:46:04 +0200 Subject: [SEC] [SA40793] TurboFTP Directory Download Directory Traversal Vulnerability Message-ID: <201008022246.o72Mk44X010497@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: TurboFTP Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40793 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40793/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40793 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40793/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40793/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40793 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TurboFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 6.30 Build 810. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_turboftp_6_client.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 16:11:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 01:11:32 +0200 Subject: [SEC] [SA40806] socat Command Line Argument Buffer Overflow Vulnerability Message-ID: <201008022311.o72NBWut031480@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: socat Command Line Argument Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40806 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40806/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40806 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40806/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40806/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40806 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in socat, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the "nestlex()" function in nestlex.c, which can be exploited to cause a buffer overflow by e.g. providing specially crafted command line arguments. Note: Successful exploitation requires that the attacker can define certain command line arguments (e.g. via a CGI script calling socat with overly long, attacker provided hostname parameters). SOLUTION: Update to version 1.7.1.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Felix Gr?bert, Google Security Team ORIGINAL ADVISORY: http://www.dest-unreach.org/socat/contrib/socat-secadv2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 16:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 01:44:50 +0200 Subject: [SEC] [SA40812] Mantis Attachment Script Insertion Vulnerability Message-ID: <201008022344.o72NioXW020432@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Mantis Attachment Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40812 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40812/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40812 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40812/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40812/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40812 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Mantis, which can be exploited by malicious users to conduct script insertion attacks. Input passed in uploaded attachments is not properly verified before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site when a malicious file with e.g. a "gif" extension is viewed with the Microsoft Internet Explorer browser. Successful exploitation requires permissions to upload attachments. The vulnerability is confirmed in version 1.2.1. Other versions may also be affected. SOLUTION: Update to version 1.2.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Kornel Lesinski. ORIGINAL ADVISORY: http://www.mantisbt.org/blog/?p=113 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 17:11:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 02:11:31 +0200 Subject: [SEC] [SA40830] Debian update for mapserver Message-ID: <201008030011.o730BVaZ009077@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for mapserver SECUNIA ADVISORY ID: SA40830 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40830/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40830 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40830/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40830/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40830 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mapserver. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. 1) Unspecified errors when running certain CGI applications with command line debug arguments (enabled by default) can be exploited to execute arbitrary code. 2) A boundary error exists within the "msTmpFile()" function. For more information: SA40790 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2078-1: http://lists.debian.org/debian-security-announce/2010/msg00124.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 17:44:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 02:44:04 +0200 Subject: [SEC] [SA40824] IBM OS/400 HTTP Server Two Denial of Service Vulnerabilities Message-ID: <201008030044.o730i4pu030389@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: IBM OS/400 HTTP Server Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40824 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40824/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40824 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40824/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40824/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40824 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged two vulnerabilities in OS/400, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerabilities #2 and #3: SA40206 The vulnerabilities are reported in version V6R1M0. SOLUTION: Apply APAR SE44398. ORIGINAL ADVISORY: http://www-01.ibm.com/support/docview.wss?uid=nas2f3abe5f92565651d86257770003c7447 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 18:09:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 03:09:13 +0200 Subject: [SEC] [SA40790] MapServer "msTmpFile()" Buffer Overflow Vulnerability Message-ID: <201008030109.o7319Dvu018956@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: MapServer "msTmpFile()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40790 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40790/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40790 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40790/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40790/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40790 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MapServer, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "msTmpFile()" function in maputil.c and can be exploited to cause a stack-based buffer overflow. Note: Unspecified errors when running certain CGI applications with command line debug arguments can be exploited to execute arbitrary code. The vulnerability is reported in versions prior to 4.10.6 and 5.6.4. SOLUTION: Update to versions 4.10.6 and 5.6.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MapServer: http://lists.osgeo.org/pipermail/mapserver-users/2010-July/066052.html http://trac.osgeo.org/mapserver/ticket/3484 http://trac.osgeo.org/mapserver/ticket/3485 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 18:23:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 03:23:19 +0200 Subject: [SEC] [SA40797] Debian update for ghostscript Message-ID: <201008030123.o731NJIv007031@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for ghostscript SECUNIA ADVISORY ID: SA40797 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40797/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40797 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40797/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40797/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40797 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for ghostscript. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA25287 SA34292 SA34393 SA34393 SA34534 SA37851 SA39753 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2080-1: http://www.debian.org/security/2010/dsa-2080 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 18:44:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 03:44:00 +0200 Subject: [SEC] [SA40798] Debian update for kvirc Message-ID: <201008030144.o731i0CA027794@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for kvirc SECUNIA ADVISORY ID: SA40798 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40798 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40798/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40798/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40798 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for kvirc. This fixes a vulnerability, which can be exploited by malicious people to hijack IRC connections. For more information: SA40727 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2078-1: http://lists.debian.org/debian-security-announce/2010/msg00123.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 19:12:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 04:12:03 +0200 Subject: [SEC] [SA40789] Debian update for gmime2.2 Message-ID: <201008030212.o732C3qh017004@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for gmime2.2 SECUNIA ADVISORY ID: SA40789 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40789/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40789 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40789/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40789/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40789 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for gmime2.2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA38459 SOLUTION: Apply update packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2082-1: http://lists.debian.org/debian-security-announce/2010/msg00127.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 19:42:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 04:42:14 +0200 Subject: [SEC] [SA40828] EMC Disk Library Denial of Service Vulnerability Message-ID: <201008030242.o732gERP005790@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: EMC Disk Library Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40828 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40828/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40828 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40828/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40828/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40828 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Disk Library (EDL), which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error, which can be exploited to cause the communication module to crash by sending a specially crafted message to an affected system. The vulnerability is reported in the following versions: * EMC Disk Library earlier than 3.2.7 * EMC Disk Library 3.3.x * EMC Disk Library 4.0.x SOLUTION: Update to EMC Disk Library version 3.2.7, 3.3.2 and epatch 8, or 4.0.1 and epatch 4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ESA-2010-012: http://archives.neohapsis.com/archives/bugtraq/2010-07/0272.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 19:54:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 04:54:13 +0200 Subject: [SEC] [SA40785] Akamai Download Manager File Download Vulnerability Message-ID: <201008030254.o732sDdC026167@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Akamai Download Manager File Download Vulnerability SECUNIA ADVISORY ID: SA40785 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40785/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40785 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40785/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40785/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40785 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Akamai Download Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of file downloads, which can be exploited to save an arbitrary file on the user's desktop when the user visits a specially crafted web page. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.2.4.8. Other versions may also be affected. SOLUTION: Update to version 2.2.5.4. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Yorick Koster, Akita Software Security ORIGINAL ADVISORY: Yorick Koster, Akita Software Security: http://www.akitasecurity.nl/advisory.php?id=AK20090402 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 20:07:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 05:07:26 +0200 Subject: [SEC] [SA40810] CometBird Plugin Parameter Array Dangling Pointer Vulnerability Message-ID: <201008030307.o7337Qev014199@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: CometBird Plugin Parameter Array Dangling Pointer Vulnerability SECUNIA ADVISORY ID: SA40810 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40810/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40810 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40810/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40810/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40810 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CometBird, which can be exploited by malicious people to compromise a user's system. For more information: SA40720 SOLUTION: Update to version 3.6.8. ORIGINAL ADVISORY: http://www.cometforums.com/topic/12795149-new-cometbird-version-368-has-been-released/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 20:21:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 05:21:10 +0200 Subject: [SEC] [SA40765] Hitachi Products Two Vulnerabilities Message-ID: <201008030321.o733LAZg002208@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Hitachi Products Two Vulnerabilities SECUNIA ADVISORY ID: SA40765 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40765/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40765 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40765/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40765/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40765 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in various Hitachi products, which can be exploited by malicious people to manipulate certain data or potentially compromise a vulnerable system. 1) An unspecified error within 2D image processing can be exploited to execute arbitrary code. No further information is currently available. 2) An unspecified error when communicating via TLS/SSL can be exploited to insert arbitrary data in communication data. No further information is currently available. Please see the vendor's advisory for a full list of affected products. SOLUTION: Update to a fixed version. See vendor advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-010/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 20:42:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 05:42:31 +0200 Subject: [SEC] [SA40823] Red Hat update for freetype Message-ID: <201008030342.o733gVf1023049@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for freetype SECUNIA ADVISORY ID: SA40823 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40823/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40823 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40823/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40823/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40823 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA40586 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0577-1: http://rhn.redhat.com/errata/RHSA-2010-0577.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 20:54:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 05:54:24 +0200 Subject: [SEC] [SA40768] Hitachi HiRDB Denial of Service Vulnerability Message-ID: <201008030354.o733sOPa011027@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Hitachi HiRDB Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40768 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi HiRDB, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the processing of unexpected data, which can be exploited to disrupt the HiRDB process and the HiRDB unit. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-014/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 21:07:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 06:07:35 +0200 Subject: [SEC] [SA40784] Hitachi JP1/Cm2/Network Node Manager Unspecified Vulnerability Message-ID: <201008030407.o7347Zhq031455@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Hitachi JP1/Cm2/Network Node Manager Unspecified Vulnerability SECUNIA ADVISORY ID: SA40784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40784 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/Cm2/Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to crash the application or execute arbitrary code. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-015/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 21:21:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 06:21:19 +0200 Subject: [SEC] [SA40796] Fedora update for kvirc Message-ID: <201008030421.o734LJwU019502@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Fedora update for kvirc SECUNIA ADVISORY ID: SA40796 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40796/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40796 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40796/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40796/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40796 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kvirc. This fixes a vulnerability, which can be exploited by malicious people to hijack IRC connections. For more information: SA40727 SOLUTION: Apply updated packages using the yum utility ("yum update kvirc"). ORIGINAL ADVISORY: FEDORA-2010-11524: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html FEDORA-2010-11506: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 21:42:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 06:42:13 +0200 Subject: [SEC] [SA40783] Wireshark Multiple Vulnerabilities Message-ID: <201008030442.o734gDG2007885@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Wireshark Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40783 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40783/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40783 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40783/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40783/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40783 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) An off-by-one error exists within the SigComp Universal Decompressor Virtual Machine. This is related to vulnerability #5 in: SA40112 2) An error in within the "ASN.1 BER" dissector can be exploited to cause a stack overflow. The vulnerability is caused due to a regression of vulnerability #2 in: SA40112 3) A NULL pointer dereference error in the "GSM A RR" dissector can be exploited to cause a crash. 4) An error in the "IPMI" dissector can be exploited to trigger an infinite loop. The vulnerabilities are reported in versions prior to 1.0.15 and 1.2.10. Vulnerabilities #3 and #4 only affected 1.2.x versions. SOLUTION: Update to version 1.0.15 or 1.2.10. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.wireshark.org/security/wnpa-sec-2010-07.html http://www.wireshark.org/security/wnpa-sec-2010-08.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 21:54:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 06:54:24 +0200 Subject: [SEC] [SA40795] SUSE update for MozillaFirefox, MozillaThunderbird, and seamonkey Message-ID: <201008030454.o734sOUY028260@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox, MozillaThunderbird, and seamonkey SECUNIA ADVISORY ID: SA40795 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40795/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40795 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40795/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40795/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40795 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, potentially conduct cross-site scripting attacks, bypass certain security restrictions, conduct spoofing attacks, and compromise a user's system. For more information: SA39925 SA40283 SA40720 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2010:032: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00008.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 2 22:07:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 07:07:33 +0200 Subject: [SEC] [SA40787] OpenConnect SSL Hostname Verification Security Bypass Message-ID: <201008030507.o7357X48016286@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: OpenConnect SSL Hostname Verification Security Bypass SECUNIA ADVISORY ID: SA40787 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40787/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40787 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40787/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40787/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40787 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenConnect, which can be exploited by malicious people to bypass certain security restrictions. The application does not always properly verify the hostname of the server when using SSL connections. This can be exploited to e.g. conduct Man-in-the-Middle (MitM) attacks. The vulnerability is reported in versions prior to 2.25. SOLUTION: Update to version 2.25. PROVIDED AND/OR DISCOVERED BY: Johannes Becker ORIGINAL ADVISORY: http://lists.infradead.org/pipermail/openconnect-devel/2010-May/000168.html http://www.infradead.org/openconnect/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 10:27:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 19:27:04 +0200 Subject: [SEC] [SA40763] Cetera eCommerce Cross-Site Scripting Vulnerabilities Message-ID: <201008031727.o73HR4HF014392@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Cetera eCommerce Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40763 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40763/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40763 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40763/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40763/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40763 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cetera eCommerce, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "messageParam[0]" parameter to the indexing script of the account/ folder and to cms/index.php, the "messageES" parameter to cms/index.php, the "sobject" parameter to cms/templates/search.php, the "deleted" parameter to cms/templates/bannerlist.php, and the "errorMessage" parameter to cms/templates/bannerlist.php and cms/templates/banner.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 14.0. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0389.html http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0390.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 11:27:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 20:27:36 +0200 Subject: [SEC] [SA40674] Apple Mac OS X WebDAV Kernel Extension Local Denial of Service Message-ID: <201008031827.o73IRac2004588@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Apple Mac OS X WebDAV Kernel Extension Local Denial of Service SECUNIA ADVISORY ID: SA40674 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40674/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40674 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40674/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40674/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40674 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dan Rosenberg has reported a vulnerability in Apple Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to the "webdav_mount()" function of the WebDAV kernel extension not properly verifying certain parameters before using them to allocate memory, which can be exploited to trigger a kernel panic. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0363.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 12:27:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 21:27:18 +0200 Subject: [SEC] [SA40807] Apple iOS Security Bypass and PDF File Processing Vulnerability Message-ID: <201008031927.o73JRI4H027160@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Apple iOS Security Bypass and PDF File Processing Vulnerability SECUNIA ADVISORY ID: SA40807 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40807/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40807 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40807/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40807/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40807 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to compromise a user's system. 1) An error in the processing of PDF files can be exploited to execute arbitrary code e.g. when a user visits a specially crafted web page. 2) An unspecified error in the kernel can be exploited to gain escalated privileges. The vulnerabilities are reported in 4.0.1. Other versions may also be affected. NOTE: The vulnerabilities are currently exploited to jailbreak a vulnerable device. SOLUTION: Do not browse untrusted sites or follow links from untrusted sources. Do not open PDF files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: comex, disclosed via jailbreakme.com OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 13:27:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 22:27:21 +0200 Subject: [SEC] [SA40803] VxWorks loginLib Default Password Hashing Algorithm Security Issue Message-ID: <201008032027.o73KRLuh017352@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: VxWorks loginLib Default Password Hashing Algorithm Security Issue SECUNIA ADVISORY ID: SA40803 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40803/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40803 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40803/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40803/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40803 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in VxWorks, which can be exploited by malicious people to conduct brute force attacks. The problem is that the loginLib's standard authentication API ("loginDefaultEncrypt()" function) uses an insecure hash algorithm, which is vulnerable to e.g. collision attacks. This can be exploited to brute force a character combination producing the target hash. Successful exploitation requires that a valid login name is known. SOLUTION: The vendor has issued patches removing the 80 characters limitation for encrypted password string length limitation for VxWorks versions 5.5.1 through 6.4. Reportedly, VxWorks 6.9 will include a more secure default hash algorithm. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: HD Moore ORIGINAL ADVISORY: HD Moore: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html Wind River: http://www.kb.cert.org/vuls/id/MAPG-863QH9 https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033709 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 14:21:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 23:21:20 +0200 Subject: [SEC] [SA40856] SUSE update for kernel Message-ID: <201008032121.o73LLK4O007274@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA40856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40856 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges. For more information: SA39982 1) An error exists within the "gfs2_set_flags()" function, which can be exploited to change certain file attributes of files on an GFS2 file system. 2) Various unspecified buffer overflows within the "novfs" kernel module can be exploited by malicious, local users to execute arbitrary code with kernel privileges. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2010:033: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 14:42:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 3 Aug 2010 23:42:32 +0200 Subject: [SEC] [SA40855] SUSE update for Multiple Packages Message-ID: <201008032142.o73LgWQb028103@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA40855 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40855/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40855 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40855/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40855/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40855 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued updates for multiple packages. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, gain escalated privileges, and compromise a user's system and by malicious users to conduct script insertion and SQL injection attacks, cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system and by malicious people to conduct cross-site scripting, script insertion, cross-site request forgery, and spoofing attacks, bypass certain security restrictions, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), compromise an application using the library, potentially compromise a user's system, and potentially compromise a vulnerable system. For more information: SA15193 SA32410 SA36001 SA36159 SA36425 SA36425 SA37107 SA37107 SA37469 SA37851 SA38286 SA38454 SA38507 SA39529 SA39753 SA39753 SA39762 SA39845 SA39845 SA39861 SA39895 SA39895 SA39935 SA40019 SA40028 SA40070 SA40134 SA40145 SA40181 SA40241 SA40248 SA40427 SA40475 SA40572 SA40635 SA40639 SA40727 1) The SUSE Lifecycle Management Server application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions if a logged-in user visits a malicious web site. 2) A security issue exists in the pre-installed images of the WebYaST appliance, which generates the same secret key used to create session cookies. 3) A security issue exists in LXSession due to "lxsession-logout" not properly locking the screen before suspending, hibernating, or switching users and can be exploited to compromise a user's system. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:014: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 15:01:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 00:01:09 +0200 Subject: [SEC] [SA40839] Fedora update for kernel Message-ID: <201008032201.o73M19KA016521@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA40839 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40839/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40839 RELEASE DATE: 2010-08-03 DISCUSS ADVISORY: http://secunia.com/advisories/40839/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40839/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40839 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and conduct DNS cache poisoning attacks. For more information: SA39982 SA40691 SOLUTION: Apply updated packages using the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2010-11412: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044962.html FEDORA-2010-11462: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044983.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 15:25:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 00:25:14 +0200 Subject: [SEC] [SA40846] Red Hat update for tomcat5 and tomcat6 Message-ID: <201008032225.o73MPECE005083@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat5 and tomcat6 SECUNIA ADVISORY ID: SA40846 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40846/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40846 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40846/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40846/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40846 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat5 and tomcat6. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA39574 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0581.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 15:45:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 00:45:43 +0200 Subject: [SEC] [SA40821] Citrix XenApp Online Plug-in ActiveX Control Code Execution Vulnerability Message-ID: <201008032245.o73Mjhxu025892@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Citrix XenApp Online Plug-in ActiveX Control Code Execution Vulnerability SECUNIA ADVISORY ID: SA40821 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40821/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40821 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40821/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40821/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40821 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix XenApp Online Plug-in, which can be exploited by malicious people to compromise a user's system. For more information: SA40819 SOLUTION: The vulnerability is fixed in version 12.0.3. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX125976 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 16:12:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 01:12:21 +0200 Subject: [SEC] [SA40819] Citrix XenApp Online Plug-in ActiveX Control Code Execution Vulnerability Message-ID: <201008032312.o73NCLbT014585@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Citrix XenApp Online Plug-in ActiveX Control Code Execution Vulnerability SECUNIA ADVISORY ID: SA40819 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40819 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40819/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40819/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40819 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix XenApp Online Plug-in, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the ICA Client ActiveX Object (ICO) component and can be exploited to execute arbitrary code on a user's system when a user visits a specially crafted web page. The vulnerability is reported in versions prior to 12.0.3. SOLUTION: Update to version 12.0.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Sean of iDefense. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX125976 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 16:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 01:44:59 +0200 Subject: [SEC] [SA40808] Citrix XenApp Online Plug-in and ICA Clients Code Execution Vulnerability Message-ID: <201008032344.o73NixtZ003527@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Citrix XenApp Online Plug-in and ICA Clients Code Execution Vulnerability SECUNIA ADVISORY ID: SA40808 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40808/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40808 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40808/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40808/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40808 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix XenApp Online Plug-in and ICA Clients, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error, which can be exploited to execute arbitrary code when a user establishes an ICA connection to a malicious server, e.g. by invoking an .ICA file or via an ICA client browser plug-in when browsing a specially crafted web page. The vulnerability is reported in the following products and versions: * Citrix Online Plug-in for Windows for XenApp & XenDesktop prior to version 11.2 * Citrix Online Plug-in for Mac for XenApp & XenDesktop prior to version 11.0 * Citrix ICA Client for Linux (x86 and ARM) prior to version 11.100 * Citrix ICA Client for Solaris (x86 and Sparc) prior to version 8.63 * Citrix Receiver for Windows Mobile prior to version 11.5 SOLUTION: Update to the fixed versions. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Jordon of Context Information Security Ltd. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX125975 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 17:11:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 02:11:36 +0200 Subject: [SEC] [SA40813] Red Hat update for tomcat5 Message-ID: <201008040011.o740Baos024609@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat5 SECUNIA ADVISORY ID: SA40813 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40813/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40813 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40813/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40813/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40813 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat5. This fixes some weaknesses and a vulnerability, which can be exploited by malicious users and malicious people to manipulate certain data and by malicious people to disclose certain system information and cause a DoS (Denial of Service). For more information: SA38316 SA39574 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0580-1: https://rhn.redhat.com/errata/RHSA-2010-0580.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 17:44:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 02:44:22 +0200 Subject: [SEC] [SA40847] Red Hat update for tomcat5 Message-ID: <201008040044.o740iMYf013570@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat5 SECUNIA ADVISORY ID: SA40847 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40847 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40847/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40847/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40847 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat5. This fixes some vulnerabilities, which can be exploited by malicious people to manipulate certain data or cause a DoS (Denial of Service). For more information: SA38346 SA39574 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0582.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 18:09:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 03:09:22 +0200 Subject: [SEC] [SA40834] Debian update for tiff Message-ID: <201008040109.o7419MmX002124@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for tiff SECUNIA ADVISORY ID: SA40834 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40834/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40834 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40834/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40834/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40834 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tiff. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library. For more information: SA40181 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2084-1: http://lists.debian.org/debian-security-announce/2010/msg00129.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 18:23:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 03:23:26 +0200 Subject: [SEC] [SA40836] Debian update for moin Message-ID: <201008040123.o741NQR0022685@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for moin SECUNIA ADVISORY ID: SA40836 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40836/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40836 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40836/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40836/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40836 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for moin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA40043 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2083-1: http://lists.debian.org/debian-security-announce/2010/msg00128.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 18:44:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 03:44:26 +0200 Subject: [SEC] [SA40848] Red Hat update for jbossweb Message-ID: <201008040144.o741iQFo011119@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for jbossweb SECUNIA ADVISORY ID: SA40848 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40848/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40848 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40848/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40848/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40848 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for jbossweb. This fixes a security issue and a vulnerability, which can be exploited by malicious people to disclose certain system information or cause a DoS (Denial of Service). For more information: SA39574 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0584.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 19:16:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 04:16:41 +0200 Subject: [SEC] [SA40814] Red Hat update for lftp Message-ID: <201008040216.o742Gfi3000470@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for lftp SECUNIA ADVISORY ID: SA40814 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40814/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40814 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40814/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40814/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40814 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for lftp. This fixes a weakness, which can be exploited by malicious people to bypass certain security features. For more information: SA39861 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0585-1: https://rhn.redhat.com/errata/RHSA-2010-0585.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 19:44:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 04:44:13 +0200 Subject: [SEC] [SA40840] Fedora update for perl Message-ID: <201008040244.o742iDRC021645@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Fedora update for perl SECUNIA ADVISORY ID: SA40840 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40840/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40840 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40840/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40840/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40840 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl. This fixes two security issues, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA40049 SOLUTION: Apply updated packages via the yum utility ("yum update perl"). ORIGINAL ADVISORY: FEDORA-2010-11323: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/044979.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 20:09:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 05:09:30 +0200 Subject: [SEC] [SA40794] Citibank Citi Mobile Information Disclosure Security Issue Message-ID: <201008040309.o7439U9c010258@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Citibank Citi Mobile Information Disclosure Security Issue SECUNIA ADVISORY ID: SA40794 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40794/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40794 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40794/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40794/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40794 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Citibank Citi Mobile, which can be exploited by malicious people to disclose sensitive information. The security issue is caused due to the application storing sensitive account data in a hidden file on the file system. This can be exploited to gain access to sensitive information by accessing the device's file system or potentially via a stored backup file. SOLUTION: Update to version 2.0.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 20:23:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 05:23:24 +0200 Subject: [SEC] [SA40841] Fedora update for gnupg2 Message-ID: <201008040323.o743NOTs030755@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Fedora update for gnupg2 SECUNIA ADVISORY ID: SA40841 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40841/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40841 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40841/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40841/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40841 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gnupg2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA38877 SOLUTION: Apply updated packages via the yum utility ("yum update gnupg2"). ORIGINAL ADVISORY: FEDORA-2010-11413: https://admin.fedoraproject.org/updates/gnupg2-2.0.14-4.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 20:44:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 05:44:29 +0200 Subject: [SEC] [SA40788] Red Hat update for java-1.4.2-ibm Message-ID: <201008040344.o743iTOA019180@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.4.2-ibm SECUNIA ADVISORY ID: SA40788 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40788/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40788 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40788/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40788/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40788 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.4.2-ibm. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA37255 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0574-1: https://rhn.redhat.com/errata/RHSA-2010-0574.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 21:10:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 06:10:29 +0200 Subject: [SEC] [SA40782] Novell iPrint Client Multiple Vulnerabilities Message-ID: <201008040410.o744ATo1007831@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Novell iPrint Client Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40782 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40782/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40782 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40782/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40782/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40782 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Novell iPrint Client, which can be exploited by malicious people to manipulate certain data or compromise a user's system. 1) An unspecified error exists in the browser plugin when parsing parameter names. 2) An unspecified error exists in the browser plugin. No more information is currently available. 3) A boundary error in the ActiveX control (ienipp.ocx) when constructing a debug string based on input supplied to the "ExecuteRequest()" method can be exploited to cause a stack-based buffer overflow via an overly long string. 4) An unspecified error in the browser plugin can be exploited to delete files on a user's system. Successful exploitation of vulnerabilities #1 through #3 may allow execution of arbitrary code. The vulnerabilities are reported in version 5.40. Other versions may also be affected. SOLUTION: Update to version 5.42. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1-2) The vendor credits Ivan Almuina via ZDI. 3-4) The vendor credits Aaron Portnoy, TippingPoint DVLabs. Additional details provided by Secunia Research. ORIGINAL ADVISORY: Novell: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5078392.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 21:23:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 06:23:42 +0200 Subject: [SEC] [SA40791] IBM Tivoli Directory Server DIGEST-MD5 Denial of Service Vulnerability Message-ID: <201008040423.o744NgQW028288@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: IBM Tivoli Directory Server DIGEST-MD5 Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40791 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40791/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40791 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40791/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40791/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40791 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability exists due to improper handling of DIGEST-MD5 authentication requests and can be exploited to terminate the service via multiple incomplete connections. The vulnerability is reported in version 6.0.0.8. SOLUTION: Apply Interim Fix 6.0.0.8-TIV-ITDS-IF0006 or APAR IO12399. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www-01.ibm.com/support/docview.wss?uid=swg24027463 http://www-01.ibm.com/support/docview.wss?uid=swg1IO12399 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 21:44:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 06:44:17 +0200 Subject: [SEC] [SA40770] Debian update for openldap Message-ID: <201008040444.o744iHBE016685@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for openldap SECUNIA ADVISORY ID: SA40770 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40770/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40770 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40770/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40770/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40770 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA40639 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2077-1: http://lists.debian.org/debian-security-announce/2010/msg00122.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 3 22:09:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 07:09:26 +0200 Subject: [SEC] [SA40749] Joomla PBBooking Component Multiple SQL Injection Vulnerabilities Message-ID: <201008040509.o7459QJ6005288@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Joomla PBBooking Component Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40749 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40749/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40749 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40749/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40749/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40749 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in the PBBooking component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when "option" is set to "com_pbbooking" and "task" to "validate") and via the "date", "timeslot", "firstname", "lastname", "email", and "mobile" parameters to index.php (when "option" is set to "com_pbbooking" and "task" is set to "save") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.0.4_3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/PBBooking_1.0.4_3_Joomla_Component_Multiple_Blind_SQL_Injection-29072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 10:29:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 19:29:20 +0200 Subject: [SEC] [SA40801] Debian update for lftp Message-ID: <201008041729.o74HTKmS026103@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for lftp SECUNIA ADVISORY ID: SA40801 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40801/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40801 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40801/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40801/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40801 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for lftp. This fixes a weakness, which can be exploited by malicious people to bypass certain security features. For more information: SA39861 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2085-1: http://lists.debian.org/debian-security-announce/2010/msg00130.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 11:30:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 20:30:06 +0200 Subject: [SEC] [SA40766] Adobe Reader/Acrobat Font Parsing Integer Overflow Vulnerability Message-ID: <201008041830.o74IU6i7016307@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Adobe Reader/Acrobat Font Parsing Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA40766 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40766/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40766 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40766/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40766/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40766 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Charlie Miller has discovered a vulnerability in Adobe Reader / Acrobat, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the "maxCompositePoints" field value in the "maxp" (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in Adobe Reader versions 8.2.3 and 9.3.3 and Adobe Acrobat version 9.3.3. Other versions may also be affected. SOLUTION: Do not open untrusted PDF files. PROVIDED AND/OR DISCOVERED BY: Charlie Miller, Independent Security Evaluators. ORIGINAL ADVISORY: Crash analysis with BitBlaze (page 51 - 58): http://securityevaluators.com/files/papers/CrashAnalysis.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 12:29:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 21:29:26 +0200 Subject: [SEC] [SA40858] WordPress NextGEN Smooth Gallery Plugin "galleryID" SQL Injection Vulnerability Message-ID: <201008041929.o74JTQSx006436@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: WordPress NextGEN Smooth Gallery Plugin "galleryID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40858 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40858/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40858 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40858/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40858/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40858 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the NextGEN Smooth Gallery plugin for Wordpress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "galleryID" parameter to wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php is not properly sanitised before being used in SQL queries in wp-content/plugins/nextgen-smooth-gallery/nggSmoothSharedFunctions.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kaMtiEz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 13:29:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 22:29:25 +0200 Subject: [SEC] [SA40829] Rockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability Message-ID: <201008042029.o74KTPlM029006@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Rockwell Automation 1756-ENBT Series A VxWorks Debugger Vulnerability SECUNIA ADVISORY ID: SA40829 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40829 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40829/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40829/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40829 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Rockwell Automation 1756-ENBT series A, which can be exploited by malicious people to compromise the vulnerable device. The vulnerability is caused due to the VxWorks debug agent being enabled, which can be exploited to gain control over the device by e.g. sending specially crafted requests to port 17185/UDP. The vulnerability is reported in Rockwell Automation 1756-ENBT series A running firmware versions 3.2.6 and 3.6.1. SOLUTION: See Rockwell Automation Technote #69735. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported in VxWorks by Bennett Todd, Shawn Merdinger, and HD Moore. ORIGINAL ADVISORY: US-CERT VU#362332: http://www.kb.cert.org/vuls/id/362332 http://www.kb.cert.org/vuls/id/MAPG-86FPQL HD Moore: http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 14:23:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 23:23:13 +0200 Subject: [SEC] [SA40868] avast! Internet Security "aswFW.sys" IOCTL Handling Denial of Service Message-ID: <201008042123.o74LNDKR018885@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: avast! Internet Security "aswFW.sys" IOCTL Handling Denial of Service SECUNIA ADVISORY ID: SA40868 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40868/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40868 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40868/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40868/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40868 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in avast! Internet Security, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow within the "aswFW.sys" device driver when processing IOCTLs and can be exploited to cause a buffer overflow via a specially crafted 0x829C0964 IOCTL. The vulnerability is confirmed in version 5.0.594. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: x90c, InetCop Security ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14533/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 14:46:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 4 Aug 2010 23:46:47 +0200 Subject: [SEC] [SA40811] Red Hat Directory Server Setup Scripts Insecure Cache File Permissions Message-ID: <201008042146.o74LklIN007407@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat Directory Server Setup Scripts Insecure Cache File Permissions SECUNIA ADVISORY ID: SA40811 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40811/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40811 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40811/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40811/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40811 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Red Hat Directory Server, which can be exploited by malicious, local users to disclose sensitive information. The weakness is caused due to the "setup-ds.pl" and "setup-ds-admin.pl" setup scripts creating cache files with insecure file permissions. This can be exploited to disclose passwords for the Directory and Administration Server administrative accounts. SOLUTION: Fixed in Red Hat Directory Server 8.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2010-0590.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 15:11:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 00:11:58 +0200 Subject: [SEC] [SA40775] OpenOffice.org Impress Two Vulnerabilities Message-ID: <201008042211.o74MBw1S028501@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: OpenOffice.org Impress Two Vulnerabilities SECUNIA ADVISORY ID: SA40775 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40775 RELEASE DATE: 2010-08-04 DISCUSS ADVISORY: http://secunia.com/advisories/40775/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40775/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40775 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Charlie Miller has discovered two vulnerabilities in OpenOffice.org Impress, which can be exploited by malicious people to compromise a user's system. 1) An integer truncation error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file. 2) A short integer overflow error when parsing certain content can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 3.2.1 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Charlie Miller, Independent Security Evaluators. ORIGINAL ADVISORY: Crash analysis with BitBlaze (page 58 - 65): http://securityevaluators.com/files/papers/CrashAnalysis.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 15:46:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 00:46:08 +0200 Subject: [SEC] [SA40838] Novell ZENworks Remote Management Password Authentication Security Issue Message-ID: <201008042246.o74Mk8Rl017487@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Novell ZENworks Remote Management Password Authentication Security Issue SECUNIA ADVISORY ID: SA40838 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40838/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40838 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40838/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40838/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40838 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Novell ZENworks Server and Desktop Management, which can be exploited by malicious people to bypass certain security restrictions. The problem is that a user, who has access to a managed device, is able to authenticate into a remote session on another managed device when both managed devices are configured with the same Remote Management password (e.g. when a common password has been distributed via NAL or TED). SOLUTION: The vendor recommends disabling password mode of authentication in the Remote Management policy (disabled by default). Alternatively, the vendor suggests to only distribute a common password via NAL or TED in trusted environments. PROVIDED AND/OR DISCOVERED BY: The vendor credits TippingPoint ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7006557&sliceId=1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 16:12:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 01:12:05 +0200 Subject: [SEC] [SA40853] Debian update for avahi Message-ID: <201008042312.o74NC50U006128@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for avahi SECUNIA ADVISORY ID: SA40853 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40853/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40853 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40853/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40853/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40853 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for avahi. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA34083 SA40470 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2086-1: http://lists.debian.org/debian-security-announce/2010/msg00131.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 16:44:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 01:44:27 +0200 Subject: [SEC] [SA40845] phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Message-ID: <201008042344.o74NiRUq027446@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40845 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40845/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40845 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40845/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40845/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40845 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in phpCAS, which can be exploited by malicious people to conduct cross-site scripting attacks and malicious users to hijack another user's session. 1) A vulnerability is caused due to phpCAS not properly validating service tickets before assigning the new session. This can be exploited to hijack another user's session by e.g. guessing valid service tickets. Successful exploitation requires valid user credentials. 2) The application does not properly sanitise the callback URL, which can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the CAS proxy mode is used. The vulnerabilities are reported in versions prior to 1.1.2. SOLUTION: Update to version 1.1.2. PROVIDED AND/OR DISCOVERED BY: 1) S?bastien Portefaix 2) Reported by the vendor. ORIGINAL ADVISORY: https://wiki.jasig.org/display/CASC/phpCAS+ChangeLog 1) https://issues.jasig.org/browse/PHPCAS-61 2) https://issues.jasig.org/browse/PHPCAS-67 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 17:12:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 02:12:01 +0200 Subject: [SEC] [SA40837] RaidenTUNES "p" Cross-Site Scripting Vulnerability Message-ID: <201008050012.o750C1Ja016155@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: RaidenTUNES "p" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40837 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40837/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40837 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40837/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40837/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40837 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has reported a vulnerability in RaidenTUNES, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "p" parameter in music_out.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 2.1.1. Other versions may also be affected. SOLUTION: Update to version 2.1.2 PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab. ORIGINAL ADVISORY: Gjoko Krstic: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4947.php RaidenTUNES: http://forum.raidenftpd.com/showflat.php?Cat=&Board=mp3&Number=51265&page=0&view=collapsed&sb=5&o=0&fpart= OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 17:44:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 02:44:29 +0200 Subject: [SEC] [SA40781] TYPO3 phpMyAdmin Extension Security Bypass Message-ID: <201008050044.o750iThR005059@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: TYPO3 phpMyAdmin Extension Security Bypass SECUNIA ADVISORY ID: SA40781 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40781/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40781 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40781/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40781/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40781 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to the extension not properly restricting access to administrative users only, which can be exploited to gain access to the database administration interface by accessing a specially crafted URL. Successful exploitation requires standard TYPO3 backend editor rights. The vulnerability is reported in versions 4.1.0 through 4.8.0. SOLUTION: Update to version 4.8.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Dirk Josefiak. ORIGINAL ADVISORY: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-014/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 18:09:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 03:09:19 +0200 Subject: [SEC] [SA40774] EasyManage CMS "id" Two SQL Injection Vulnerabilities Message-ID: <201008050109.o7519JBv026041@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: EasyManage CMS "id" Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40774 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40774/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40774 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40774/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40774/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40774 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: James Burton has reported two vulnerabilities in EasyManage CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to cms_show_image.php and cms_show_download.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: James Burton, Insomnia Security ORIGINAL ADVISORY: http://www.insomniasec.com/advisories/ISVA-100730.1.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 18:24:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 03:24:21 +0200 Subject: [SEC] [SA40761] Joomla PhotoMap Gallery Component Two SQL Injection Vulnerabilities Message-ID: <201008050124.o751OLDu014167@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Joomla PhotoMap Gallery Component Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40761 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40761/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40761 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40761/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40761/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40761 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered two vulnerabilities in the PhotoMap Gallery component for Joomla, which can be exploited by malicious users and malicious people to conduct SQL injection attacks. 1) Input passed via the "id" parameter to index.php (when "option" is set to "com_photomapgallery", "view" is set to "user", and "task" is set to "save_usercategory") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "Public Front-end" permissions. 2) Input passed via the "folder" parameter to index.php (when "option" is set to "com_photomapgallery" and "view" is set to "imagehandler") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: http://adv.salvatorefresta.net/PhotoMap_Gallery_1.6.0_Joomla_Component_Multiple_Blind_SQL_Injection-28072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 18:44:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 03:44:43 +0200 Subject: [SEC] [SA40777] Drupal Sage Pay Direct Payment Gateway for Ubercart Module Information Disclosure Message-ID: <201008050144.o751ih76002498@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Drupal Sage Pay Direct Payment Gateway for Ubercart Module Information Disclosure SECUNIA ADVISORY ID: SA40777 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40777/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40777 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40777/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40777/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40777 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the Sage Pay Direct Payment Gateway for Ubercart module for Drupal, which can be exploited by malicious people to disclose potentially sensitive information. The security issue is caused due to the caching of an iframe of a bank transaction with a "Verified by Visa" or "MasterCard SecureCode" verification schemes. This can be exploited to disclose sensitive information related to the user's credit card. The security issue is reported in versions prior to 5.x-1.9 and prior to 6.x-1.4. SOLUTION: Update to version 5.x-1.9 and 6.x-1.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits David Long (longwave). ORIGINAL ADVISORY: SA-CONTRIB-2010-077: http://drupal.org/node/867496 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 19:14:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 04:14:01 +0200 Subject: [SEC] [SA40745] SPIP "var_login" Cross-Site Scripting Vulnerability Message-ID: <201008050214.o752E1cf024193@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: SPIP "var_login" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40745 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40745/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40745 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40745/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40745/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40745 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: dotsafe.fr has discovered a vulnerability in SPIP, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "var_login" parameter through spip.php (if "page" is set to "informer_auteur") to prive/informer_auteur_fonctions.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website. The vulnerability is confirmed in version 2.1.0 (15608). Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: dotsafe.fr ORIGINAL ADVISORY: http://www.dotsafe.fr/advisories/4/fr/SPIP_2.1_-_XSS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 19:44:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 04:44:14 +0200 Subject: [SEC] [SA40776] Drupal Dashboard Module Script Insertion Vulnerability Message-ID: <201008050244.o752iEm4013016@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Drupal Dashboard Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40776 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40776/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40776 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40776/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40776/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40776 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Dashboard module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "tags" and "titles" parameters associated with default widgets when creating a dashboard page is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer dashboard defaults" permissions. The vulnerability is reported in versions prior to 6.x-2.1. SOLUTION: Update to version 6.x-2.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Greg Knaddison (greggles), Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2010-076: http://drupal.org/node/867426 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 20:10:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 05:10:07 +0200 Subject: [SEC] [SA40742] TYPO3 Multiple Vulnerabilities Message-ID: <201008050310.o753A7LP001576@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: TYPO3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40742 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and security issues have been reported in TYPO3, which can be exploited by malicious users to conduct SQL injection attacks, manipulate certain data, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, HTTP redirect attacks, HTTP response splitting attacks, session fixation attacks, bypass certain security restrictions, and disclose potentially sensitive information. 1) Input passed to unspecified parameters in the backend is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to unspecified parameters in the backend is not properly sanitised before being returned to the user. This can be exploited to redirect a user to an arbitrary site. 3) Input passed via the backend record editing forms is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "editor" permissions. 4) A security issue exists when validating uploaded files via the "fileDenyPattern" configuration variable and can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. a ".phtml" file extension. Successful exploitation requires backend permissions. 5) A security issue exists when an extension with a defective backend module is installed and can be exploited to disclose the full path of the application via error messages. 6) Certain input is not properly sanitised before being returned to the user in the Extension Manager. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 7) Input passed to unspecified parameters in the Extension Manager is not properly verified before being used to update files. This can be exploited to modify arbitrary files. Successful exploitation requires admin permissions. 8) Certain input is not properly sanitised before being used to construct an email message and can be exploited to inject arbitrary email addresses. 9) Input passed to the "jumpurl" parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. 10) Input passed to the frontend login box is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in versions prior to 4.2.13, prior to 4.3.4 and in 4.4 only. 11) A security issue exists in the "Forgot password" mechanism due to predictable generation of the confirmation code. This can be exploited to reset the password of a valid user using a predicted confirmation code. This vulnerability is reported in versions prior to 4.3.4 and in 4.4 only. 12) An error in the handling of sessions of install tool users can be exploited to hijack another user's session. 13) Input passed to the extbase extension in the FLUID Templating Engine is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in versions prior to 4.3.4 and in 4.4 only. 14) A security issue exists in the HTML mailing API class "t3lib_htmlmail" and can be exploited to disclose the version of the application via mail headers. This vulnerability is reported in versions prior to 4.2.13, prior to 4.3.4 and in 4.4 only. 15) Input passed to the frontend search box is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in version 4.4 only. The vulnerabilities are reported in versions prior to 4.1.14, prior to 4.2.13, prior to 4.3.4 and in 4.4. SOLUTION: Update to version 4.1.14, 4.2.13, 4.3.4, and 4.4.1. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Jelmer de Hen, Nikolas Hagelstein, Daniel Sloof, Tobias Liebig of TYPO3 Core Team, and TYPO3 Security Team members Georg Ringer, Dmitry Dulepov and Helmut Hummel. 2) The vendor credits Maxime Verroye and Helmut Hummel of TYPO3 Security Team. 3) The vendor credits Marc Bastian Heinrichs, Steffen Kamper of TYPO3 Core Team, and Helmut Hummel of TYPO3 Security Team. 4) The vendor credits Ernesto Baschny, TYPO3 Core Team. 5) The vendor credits Dmitry Dulepov, TYPO3 Core Team. 6,7) The vendor credits Tim Lochmuller. 8) The vendor credits Lars Houmark. 9) The vendor credits Maxime Verroye. 10) The vendor credits Franz G. Jahn. 11) The vendor credits Manuel Stofer. 12) The vendor credits Marcus Krause, TYPO3 Security Team. 13) The vendor credits Sebastian Kurfurst, TYPO3 Core Team. 14) The vendor credits Kai Vogel. 15) The vendor credits Alexandre Gravel-Raymond and Georg Ringer, TYPO3 Security Team. ORIGINAL ADVISORY: TYPO3-SA-2010-012: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 20:23:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 05:23:24 +0200 Subject: [SEC] [SA40767] Drupal Kaltura Module Information Disclosure Weakness Message-ID: <201008050323.o753NO50022088@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Drupal Kaltura Module Information Disclosure Weakness SECUNIA ADVISORY ID: SA40767 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40767/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40767 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40767/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40767/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40767 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Kaltura module for Drupal, which may expose potentially sensitive information. The weakness is caused due to the use of a hidden iframe when installing, uninstalling, and configuring the module. This can be exploited to disclose e.g. partner id, registration id, registration error code, and the URL of the Drupal site to a third party (http://corp.kaltura.com/stats/drupal). The weakness is reported in versions prior to 6.x-1.5. SOLUTION: Update to version 6.x-1.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Slepichev and Chris Burgess. ORIGINAL ADVISORY: SA-CONTRIB-2010-078: http://drupal.org/node/867820 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 20:44:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 05:44:16 +0200 Subject: [SEC] [SA40703] Piwik Local File Inclusion Vulnerability Message-ID: <201008050344.o753iGi5010475@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Piwik Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA40703 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40703/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40703 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40703/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40703/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40703 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Piwik, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. The vulnerability is reported in versions 0.6 through 0.6.3. SOLUTION: Update to version 0.6.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits Enrico Razza. ORIGINAL ADVISORY: http://piwik.org/blog/2010/07/piwik-0-6-4-security-advisory/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 21:09:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 06:09:33 +0200 Subject: [SEC] [SA40771] UPlusFtp Server Web Interface Buffer Overflow Vulnerability Message-ID: <201008050409.o7549X7B031463@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: UPlusFtp Server Web Interface Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40771 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40771/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40771 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40771/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40771/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40771 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in UPlusFtp Server, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the web interface when processing certain HTTP requests. This can be exploited to cause a stack-based buffer overflow by sending specially crafted HTTP requests to the web interface. Successful exploitation allows the execution of arbitrary code but requires valid user credentials. The vulnerability is confirmed in version 1.7.1.01. Prior versions may also be affected. SOLUTION: Update to version 1.7.1.02. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Karn Ganeshen ORIGINAL ADVISORY: http://ipositivesecurity.blogspot.com/#axzz0v3DPsUe2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 21:23:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 06:23:15 +0200 Subject: [SEC] [SA40773] IBM Java Plugin Argument Injection Vulnerability Message-ID: <201008050423.o754NFi4019541@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: IBM Java Plugin Argument Injection Vulnerability SECUNIA ADVISORY ID: SA40773 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40773/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40773 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40773/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40773/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40773 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM Java, which can be exploited by malicious people to compromise a user's system. For more information: SA39260 SOLUTION: Update to version 6 SR8 FP1. ORIGINAL ADVISORY: IBM: http://www.ibm.com/developerworks/java/jdk/alerts/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 21:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 06:44:50 +0200 Subject: [SEC] [SA40772] IBM Java Multiple Vulnerabilities Message-ID: <201008050444.o754ioOo007975@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: IBM Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40772 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40772/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40772 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40772/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40772/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40772 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged multiple vulnerabilities in IBM Java, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA37255 SOLUTION: Update to version 1.4.2 Service Refresh 13 Fix Pack 5 (1.4.2 SR13 FP5). ORIGINAL ADVISORY: IBM: http://www.ibm.com/developerworks/java/jdk/alerts/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 4 22:09:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 07:09:23 +0200 Subject: [SEC] [SA40759] LVM2 Abstract Socket Security Issue Message-ID: <201008050509.o7559NXP028932@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: LVM2 Abstract Socket Security Issue SECUNIA ADVISORY ID: SA40759 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40759/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40759 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40759/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40759/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40759 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in LVM2, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to usage of an abstract socket for communication between lvm and clvmd without checking for credentials. This can be exploited to instruct the "clvmd" to perform operations e.g. activate, deactivate, or reload any Logical Volume. Successful exploitation requires that "clvmd" is running. SOLUTION: Update to version 2.02.72. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.redhat.com/archives/linux-lvm/2010-July/msg00083.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 10:29:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 19:29:26 +0200 Subject: [SEC] [SA40861] Debian update for wget Message-ID: <201008051729.o75HTQl6010908@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Debian update for wget SECUNIA ADVISORY ID: SA40861 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40861/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40861 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40861/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40861/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40861 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for wget. This fixes a weakness, which can be exploited by malicious people to bypass certain security features. The weakness is caused due to wget using the filename suggested via the "Location" header when downloading files from an HTTP server. This can be exploited to e.g. create arbitrary files in the current directory on a user's system by tricking the user into downloading a file from a malicious HTTP server, which uses HTTP redirection to forward the request to a different file. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: oCERT credits Hank Leininger and Solar Designer. ORIGINAL ADVISORY: DSA-2088-1: http://www.debian.org/security/2010/dsa-2088 oCERT: http://www.ocert.org/advisories/ocert-2010-001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 11:30:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 20:30:04 +0200 Subject: [SEC] [SA40851] Invensys Wonderware ConfigurationAccessComponent ActiveX Control Buffer Overflow Message-ID: <201008051830.o75IU47R001032@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Invensys Wonderware ConfigurationAccessComponent ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA40851 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40851/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40851 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40851/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40851/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40851 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Invensys Wonderware ConfigurationAccessComponent ActiveX Control, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the "ConfigurationAccessComponent" ActiveX control (ConfigurationAccessComponent.dll) within the IConfigurationAccess interface when handling arguments passed to the "UnsubscribeData()" method and can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in Wonderware Development Studio running Wonderware Application Server versions prior to 3.1 SP2 P01. SOLUTION: Apply the security updates (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Richard van Eeden of IOActive Labs. ORIGINAL ADVISORY: Invensys Wonderware: http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 12:29:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 21:29:59 +0200 Subject: [SEC] [SA40832] MantisBT "Add Category" Script Insertion Vulnerability Message-ID: <201008051929.o75JTxrf023631@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: MantisBT "Add Category" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40832 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40832/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40832 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40832/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40832/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40832 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in MantisBT, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "name" parameter to manage_proj_cat_add.php when creating a project category is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "manager" permissions. The vulnerability is confirmed in version 1.2.2. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-103/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 13:30:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 22:30:30 +0200 Subject: [SEC] [SA40826] PHPFinance Multiple Vulnerabilities Message-ID: <201008052030.o75KUUcv013818@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: PHPFinance Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40826 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40826/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40826 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40826/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40826/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40826 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in PHPFinance, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the database settings when a logged-in administrative user visits a specially crafted web page. This can further be exploited to conduct SQL injection attacks. 2) Input passed via the "tname" parameter to group.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed e.g. via the "cfg_dbname", "cfg_dbhost", "cfg_dbuser", and "cfg_dbpass" parameters to setup.php is not properly sanitised before being stored in inc.conf.php. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation requires authentication, but can be exploited in combination with vulnerability #1. The vulnerabilities have been confirmed in version 0.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not visit untrusted web pages or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: 1, 2) ~skskilL 3) Lily Weatherwax ORIGINAL ADVISORY: 1, 2) http://www.global-evolution.info/news/files/php-finance/Advisory-PHPFinance.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 14:23:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 23:23:37 +0200 Subject: [SEC] [SA40880] JomSocial Personal Classifieds Plugin Insecure Directory Permissions Weakness Message-ID: <201008052123.o75LNbHK003658@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: JomSocial Personal Classifieds Plugin Insecure Directory Permissions Weakness SECUNIA ADVISORY ID: SA40880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40880 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Personal Classifieds plugin for JomSocial, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges. The weakness is caused due to the plugin setting insecure permissions (777) for the "images/profclassifieds" folder and its subfolders. This can be exploited to e.g. modify, create, or delete files contained in the folders. The weakness is reported in versions prior to 1.3. SOLUTION: Update to version 1.3, which sets permissions to 757. As this may still be insecure, verify and set correct permissions manually. PROVIDED AND/OR DISCOVERED BY: Originally reported in the Graffiti Wall plugin by terratech ORIGINAL ADVISORY: http://www.joomplace.com/news-22.html http://extensions.joomla.org/extensions/extension-specific/jomsocial-extensions/12953 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 14:49:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 5 Aug 2010 23:49:05 +0200 Subject: [SEC] [SA40842] Cisco ASA 5500 Series Multiple Denial of Service Vulnerabilities Message-ID: <201008052149.o75Ln5qg024646@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Cisco ASA 5500 Series Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40842 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40842/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40842 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40842/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40842/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40842 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco ASA (Adaptive Security Appliance) 5500 Series, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) Three errors exist in the SunRPC inspection engine while processing certain SunRPC messages. This can be exploited to reload a device via specially crafted UDP SunRPC packets that transit the appliance. 2) Three errors exist in the processing of certain TLS packets and can be exploited to reload the device by sending a series of specially crafted TLS packets. Successful exploitation of this vulnerability requires that the device is configured for SSL VPN, TLS Proxy for Encrypted Voice Inspection, or configured to accept ASDM management connections. 3) An error in the Session Initiation Protocol (SIP) inspection feature can be exploited to trigger an appliance reload via a specially crafted SIP packet that transits the appliance via TCP or UDP port 5060. 4) An error when parsing Internet Key Exchange (IKE) messages can be exploited to trigger an appliance reload via specially crafted packets sent to UDP ports 500 or 4500. Successful exploitation of this vulnerability requires that the device is configured for IPsec remote access or site-to-site VPNs SOLUTION: Update to a fixed version. Please see the vendor's advisory for detailed patch information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: cisco-sa-20100804-asa: http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 15:12:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 00:12:31 +0200 Subject: [SEC] [SA40881] JomSocial Profile Designer Plugin Insecure Directory Permissions Weakness Message-ID: <201008052212.o75MCVj1013262@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: JomSocial Profile Designer Plugin Insecure Directory Permissions Weakness SECUNIA ADVISORY ID: SA40881 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40881/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40881 RELEASE DATE: 2010-08-05 DISCUSS ADVISORY: http://secunia.com/advisories/40881/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40881/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40881 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Profile Designer plugin for JomSocial, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges. The weakness is caused due to the plugin setting insecure permissions (777) for the "images/ID" folder. This can be exploited to e.g. modify, create, or delete files contained in the folders. The weakness is reported in versions prior to 1.3. SOLUTION: Update to version 1.3, which sets permissions to 757. As this may still be insecure, verify and set correct permissions manually. PROVIDED AND/OR DISCOVERED BY: Originally reported in the Graffiti Wall plugin by terratech. Reported in the Profile Designer plugin by the vendor. ORIGINAL ADVISORY: http://www.joomplace.com/news-22.html http://extensions.joomla.org/extensions/extension-specific/jomsocial-extensions/12711 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 15:46:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 00:46:17 +0200 Subject: [SEC] [SA40869] Piwik "url" Redirection Weakness Message-ID: <201008052246.o75MkHcJ002174@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Piwik "url" Redirection Weakness SECUNIA ADVISORY ID: SA40869 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40869/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40869 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40869/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40869/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40869 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Piwik, which can be exploited by malicious people to conduct spoofing attacks. Input passed via the "url" parameter to misc/redirectToUrl.php is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. The weakness is confirmed in version 0.6.4 and 0.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Mehul Revankar OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 16:12:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 01:12:24 +0200 Subject: [SEC] [SA40882] Joomla! Aardvertiser Component Insecure Directory Permissions Weakness Message-ID: <201008052312.o75NCOQE023257@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Joomla! Aardvertiser Component Insecure Directory Permissions Weakness SECUNIA ADVISORY ID: SA40882 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40882/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40882 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40882/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40882/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40882 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Aardvertiser component for Joomla!, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges. The weakness is caused due to the component setting insecure permissions (777) for certain unspecified folders. This can be exploited to e.g. modify, create, or delete files contained in the folders. The weakness is reported in versions prior to 2.2.1. SOLUTION: Update to version 2.2.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Pierre of the Joomla! Extensions Directory. ORIGINAL ADVISORY: http://sourceforge.net/projects/aardvertiser/forums/forum/989030/topic/3788365 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 16:44:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 01:44:37 +0200 Subject: [SEC] [SA40852] JomSocial Graffiti Wall Plugin Insecure Directory Permissions Weakness Message-ID: <201008052344.o75NibXR012151@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: JomSocial Graffiti Wall Plugin Insecure Directory Permissions Weakness SECUNIA ADVISORY ID: SA40852 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40852/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40852 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40852/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40852/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40852 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Graffiti Wall plugin for JomSocial, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges. The weakness is caused due to the plugin setting insecure permissions (777) for the "images/graffitiwall/" folder its and subfolders. This can be exploited to e.g. modify, create, or delete files contained in the folders. The weakness is reported in versions prior to 1.1. SOLUTION: Update to version 1.1, which sets permissions to 757. As this may still be insecure, verify and set correct permissions manually. PROVIDED AND/OR DISCOVERED BY: terratech ORIGINAL ADVISORY: http://www.joomplace.com/news-22.html http://www.joomplace.com/forum/jomsocial-plugins/jomsocial-plugins/graffiti-wall-permissions-777.html http://extensions.joomla.org/extensions/extension-specific/jomsocial-extensions/13263 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 17:11:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 02:11:48 +0200 Subject: [SEC] [SA40843] Cisco Firewall Services Module Multiple Denial of Service Vulnerabilities Message-ID: <201008060011.o760BmMu000785@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Cisco Firewall Services Module Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40843 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40843/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40843 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40843/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40843/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40843 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Firewall Services Module (FWSM), which can be exploited by malicious people to cause a DoS (Denial of Service). 1) Three errors exist in the SunRPC inspection engine while processing certain SunRPC messages. This can be exploited to reload a device via specially crafted SunRPC packets that transit the appliance. 2) An error exists in the processing of certain TCP packets when the device is configured in multi-mode (with virtual firewalls) and accepts Telnet, SSH, or ASDM connections. This can be exploited to reload the device by sending a series of specially crafted TCP packets. Successful exploitation of this vulnerability requires a complete TCP three-way handshake. SOLUTION: Update to a fixed version. Please see the vendor's advisory for detailed patch information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: cisco-sa-20100804-fwsm: http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 17:44:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 02:44:32 +0200 Subject: [SEC] [SA40865] HP ProCurve 2626/2650 Security Bypass Vulnerability Message-ID: <201008060044.o760iWox022160@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: HP ProCurve 2626/2650 Security Bypass Vulnerability SECUNIA ADVISORY ID: SA40865 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40865 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40865/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40865/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40865 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP ProCurve 2600 Series switches, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to gain unauthorized access. No further information is currently available. The vulnerability is reported in versions prior to H.10.80 in the following products: * J8165A ProCurve Switch 2650-PWR * J4899A, J4899B, and J4899C ProCurve Switch 2650 * J8164A ProCurve Switch 2626-PWR * J4900A, J4900B, and J4900C ProCurve Switch 2626 SOLUTION: Update to version H.10.80 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBGN02560 SSRT100193: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436047 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 18:09:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 03:09:32 +0200 Subject: [SEC] [SA40866] HP ProCurve Threat Management Services zl Module TLS/SSL Vulnerability Message-ID: <201008060109.o7619WIn010746@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: HP ProCurve Threat Management Services zl Module TLS/SSL Vulnerability SECUNIA ADVISORY ID: SA40866 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40866/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40866 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40866/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40866/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40866 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged a vulnerability in HP Threat Management Services zl Module, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). The vulnerability exists in the TLS protocol while handling session re-negotiations. For more information see vulnerability #1: SA37291 The vulnerability is reported in zl Module J9155A and J9156A running versions prior to ST.1.1.100430. SOLUTION: Update to version ST.1.1.100430 or later. ORIGINAL ADVISORY: HPSBGN02562 SSRT090249: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436041 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 18:24:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 03:24:01 +0200 Subject: [SEC] [SA40864] HP ProCurve 2610 Two Denial of Service Vulnerabilities Message-ID: <201008060124.o761O12m031228@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: HP ProCurve 2610 Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40864 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40864/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40864 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40864/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40864/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40864 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP ProCurve 2610 Series switches, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An unspecified error in the In-band Agent can be exploited to cause a DoS. No further information is currently available. This vulnerability is reported in versions prior to R.11.30. 2) An unspecified error in the DHCP service can be exploited to cause a DoS. No further information is currently available. This vulnerability is reported in versions prior to R.11.22. The vulnerabilities are reported in the following products: * J9085A ProCurve Switch 2610-24 * J9088A ProCurve Switch 2610-48 * J9086A ProCurve Switch 2610-24/12PWR * J9087A ProCurve Switch 2610-24-PWR * J9089A ProCurve Switch 2610-48-PWR SOLUTION: Update to version R.11.30 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBGN02559 SSRT100192: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436043 HPSBGN02561 SSRT100194: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436045 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 18:45:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 03:45:13 +0200 Subject: [SEC] [SA40867] HP ProCurve 1800 SNMP Information Disclosure Vulnerability Message-ID: <201008060145.o761jDSI019643@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: HP ProCurve 1800 SNMP Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA40867 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40867/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40867 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40867/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40867/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40867 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP ProCurve 1800 Series switches, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due an unspecified error and can be exploited to disclose certain information. No further information is currently available. The vulnerability is reported in the following products: * HP ProCurve Switch 1800-24G (J9028A/B) Software Release PB.03.02 and earlier. * HP ProCurve Switch 1800-8G (J9029A) Software Release PA.03.02 and earlier. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBGN02501 SSRT071407: https://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02436028 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 19:15:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 04:15:37 +0200 Subject: [SEC] [SA40859] Red Hat Update for Multiple Packages Message-ID: <201008060215.o762FbYo008939@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat Update for Multiple Packages SECUNIA ADVISORY ID: SA40859 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40859/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40859 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40859/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40859/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40859 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued updates for multiple packages. These fix multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, cause a DoS, or potentially to compromise a vulnerable system. For more information: SA17416 SA21172 SA24678 SA24732 SA25721 SA25827 SA26273 SA26466 SA26636 SA27398 SA27546 SA28081 SA28552 SA28878 SA30621 SA31379 SA31384 SA35284 SA35326 SA35500 SA35781 SA36140 SA36549 SA36675 SA38776 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://rhn.redhat.com/errata/RHSA-2010-0602.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 19:45:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 04:45:14 +0200 Subject: [SEC] [SA40833] Ubuntu update for kernel Message-ID: <201008060245.o762jEuF030122@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Ubuntu update for kernel SECUNIA ADVISORY ID: SA40833 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40833/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40833 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40833/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40833/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40833 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose potentially sensitive information, and potentially gain escalated privileges, and by malicious people to cause a DoS. For more information: SA32933 1) An error within the SCTP subsystem can be exploited to cause a crash by sending a specially crafted init packet. 2) An error exists within the GFS2 implementation, which can be exploited to cause a memory corruption and e.g. cause a DoS or gain escalated privileges. 3) A race condition within the "find_keyring_by_name()" function in security/keys/keyring.c can be exploited to access freed memory and e.g. cause a system panic. 4) The "btrfs_ioctl_clone()" function in fs/btrfs/ioctl.c does not properly check a user's read access to the source file before cloning the file, which can be exploited to e.g. disclose sensitive information. 5) An error exists within the "gfs2_set_flags()" function, which can be exploited to change certain file attributes of files on an GFS2 file system. 6) An error in btrfs allows local users to set ACLs for arbitrary files. 7) An error exists within eCryptfs when generating hash values, which can be exploited to e.g. cause a kernel panic or gain escalated privileges. Successful exploitation requires certain UIDs. Note: CVE-2008-7256 and CVE-2010-1643 only affect Ubuntu 6.06 LTS and 8.04 LTS. CVE-2010-1436, CVE-2010-1641, and CVE-2010-2492 do not affect Ubuntu 6.06 LTS. CVE-2010-1636 does not affect Ubuntu 9.10. CVE-2010-2071 only affects Ubuntu 9.10 and Ubuntu 10.04 LTS. CVE-2010-1451 does not affect Ubuntu 10.04 LTS. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Chris Guo, Jukka Taimisto, and Olli Jarva 2) Mario Mikocevic 3) Toshiyuki Okajima 4, 5) Dan Rosenberg 6) Shi Weihua 7) Andre Osterhues ORIGINAL ADVISORY: USN-966-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001134.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 20:09:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 05:09:30 +0200 Subject: [SEC] [SA40857] Red Hat update for gnupg2 Message-ID: <201008060309.o7639UCk018656@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for gnupg2 SECUNIA ADVISORY ID: SA40857 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40857/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40857 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40857/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40857/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40857 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for gnupg2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA38877 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0603-1: https://rhn.redhat.com/errata/RHSA-2010-0603.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 20:23:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 05:23:45 +0200 Subject: [SEC] [SA40844] Drupal Devel (Performance logging) Module Script Insertion Vulnerability Message-ID: <201008060323.o763Nj9j006752@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Drupal Devel (Performance logging) Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40844 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40844/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40844 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40844/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40844/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40844 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Devel (Performance logging) module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via node paths is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that the attacker has permissions to add url aliases and the victim has access to the reports of the performance module. The vulnerability is reported in versions prior to 6.x-1.21 and 5.x-1.3. SOLUTION: Update to version the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Justin James Grevich ORIGINAL ADVISORY: SA-CONTRIB-2010-079: http://drupal.org/node/874132 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 20:44:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 05:44:38 +0200 Subject: [SEC] [SA40835] EMC Celerra Unified Storage Platforms Insecure NFS Export Security Issue Message-ID: <201008060344.o763icSH027523@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: EMC Celerra Unified Storage Platforms Insecure NFS Export Security Issue SECUNIA ADVISORY ID: SA40835 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40835/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40835 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40835/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40835/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40835 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in EMC Celerra Unified Storage Platforms, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the appliance insecurely exporting the root of the user data directory via NFS with a predefined list of authorised IP addresses. This can be exploited to mount and gain full access to the exported file system. Successful exploitation requires an attacker to spoof his IP address. SOLUTION: Please see the vendor's Customer Support KB for a recommended workaround. PROVIDED AND/OR DISCOVERED BY: Steve Ocepek, Trustwave's SpiderLabs ORIGINAL ADVISORY: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-003.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 21:09:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 06:09:38 +0200 Subject: [SEC] [SA40728] Zemana AntiLogger IOCTL Handling Privilege Escalation Vulnerability Message-ID: <201008060409.o7649cEo016105@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Zemana AntiLogger IOCTL Handling Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA40728 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40728/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40728 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40728/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40728/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40728 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Zemana AntiLogger, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the AntiLog32.sys device driver allowing to impersonate a process with SYSTEM privileges by sending a 0x8000201C IOCTL request. The vulnerability is confirmed in version 1.9.2.206 with AntiLog32.sys file version 1.5.2.755. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: th_decoder OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 21:23:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 06:23:27 +0200 Subject: [SEC] [SA40733] Red Hat update for w3m Message-ID: <201008060423.o764NRTK004177@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Red Hat update for w3m SECUNIA ADVISORY ID: SA40733 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40733/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40733 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40733/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40733/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40733 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for w3m. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA40134 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0565-1: https://rhn.redhat.com/errata/RHSA-2010-0565.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 21:44:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 06:44:33 +0200 Subject: [SEC] [SA40779] Joomla! Appointinator Component "aid" SQL Injection Vulnerability Message-ID: <201008060444.o764iXNj025016@CRON-IX-2.intnet> ---------------------------------------------------------------------- "From 2007 to 2009 vulnerabilities in a typical end-user PC almost doubled from about 220 to 420." Non-Microsoft software to blame for increase in vulnerabilities affecting typical Windows end-users, read more: http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf ---------------------------------------------------------------------- TITLE: Joomla! Appointinator Component "aid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40779 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40779/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40779 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40779/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40779/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40779 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered a vulnerability in the Appointinator component for Joomla!, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "aid" parameter to index.php (when "option" is set to "com_appointinator" and "view" is set to "App") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/Appointinator_1.0.1_Joomla_Component_Multiple_Remote_Vulnerabilities-27072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 5 22:09:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 07:09:37 +0200 Subject: [SEC] [SA40724] Debian update for xulrunner Message-ID: <201008060509.o7659b8c013598@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Debian update for xulrunner SECUNIA ADVISORY ID: SA40724 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40724/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40724 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40724/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40724/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40724 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for xulrunner. This fixes some weaknesses and some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, conduct spoofing attacks, and compromise a user's system. For more information: SA39925 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2075-1: http://www.us.debian.org/security/2010/dsa-2075 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 10:30:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 19:30:33 +0200 Subject: [SEC] [SA40874] Hulihan Amethyst Script Insertion and Cross-Site Request Forgery Vulnerabilities Message-ID: <201008061730.o76HUXbd001979@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Hulihan Amethyst Script Insertion and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA40874 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40874/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40874 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40874/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40874/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40874 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in Hulihan Amethyst, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks. 1) Input passed via the "comment[name]" parameter to browse/create_comment is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session when the malicious data is being viewed. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrative password or change site configuration by tricking a logged in administrative user into visiting a malicious web site. NOTE: This may further be used to conduct script insertion attacks. The vulnerability is confirmed in version 0.1.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: Hulihan: http://dev.hulihanapplications.com/issues/show/207 http://dev.hulihanapplications.com/issues/show/208 http://dev.hulihanapplications.com/issues/show/209 http://dev.hulihanapplications.com/issues/show/210 High-Tech Bridge SA: http://www.htbridge.ch/advisory/xss_vulnerability_in_amethyst.html http://www.htbridge.ch/advisory/xss_vulnerability_in_amethyst_2.html http://www.htbridge.ch/advisory/xss_vulnerability_in_amethyst_1.html http://www.htbridge.ch/advisory/xsrf_csrf_in_amethyst.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 11:29:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 20:29:27 +0200 Subject: [SEC] [SA40870] Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow Message-ID: <201008061829.o76ITREP024515@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver "CreateDIBPalette()" Buffer Overflow SECUNIA ADVISORY ID: SA40870 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40870/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40870 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40870/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40870/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40870 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Arkon has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to gain escalated privileges. The vulnerability is caused due to a boundary error in win32k.sys within the "CreateDIBPalette()" function when copying colour values into a buffer allocated with a fixed size when creating the DIB palette. This can be exploited via the "GetClipboardData()" API to cause a buffer overflow by specifying a large number of colours (greater than 256) via the "biClrUsed" field in a BITMAPINFOHEADER structure. Successful exploitation may allow execution of arbitrary code with kernel privileges. The vulnerability is confirmed in fully patched versions of Windows XP SP3, Windows Server 2003 R2 Enterprise SP2, Windows Vista Business SP1, Windows 7, and Windows Server 2008 SP2. SOLUTION: Grant only access to trusted users. PROVIDED AND/OR DISCOVERED BY: Arkon ORIGINAL ADVISORY: Arkon: http://www.ragestorm.net/blogs/?p=255 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 12:29:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 21:29:19 +0200 Subject: [SEC] [SA40827] Cisco Wireless Control System Cross-Site Scripting Vulnerabilities Message-ID: <201008061929.o76JTJWG014648@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Cisco Wireless Control System Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40827 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40827/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40827 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40827/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40827/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40827 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Cisco Wireless Control System, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "searchText" parameter to webacs/QuickSearchAction.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Certain input passed to searchClientAction.do and switchGeneralAction.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Update to version 6.0.196.0 or later. PROVIDED AND/OR DISCOVERED BY: 1) Tom Neaves 2, 3) Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7.0.html Tom Neaves: http://www.tomneaves.com/Cisco_Wireless_Control_System_XSS.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 13:29:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 22:29:35 +0200 Subject: [SEC] [SA40890] Amlib NetOpacs "webquery.dll" Buffer Overflow Vulnerability Message-ID: <201008062029.o76KTZaP004812@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Amlib NetOpacs "webquery.dll" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40890 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40890/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40890 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40890/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40890/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40890 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Amlib NetOpacs, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in webquery.dll when processing web requests. This can be exploited to cause a stack-based buffer overflow via an overly-long string. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 5.2.0.4. Other versions may also be affected. SOLUTION: Restrict access to the application to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in a Metasploit module by Patrick Webster. ORIGINAL ADVISORY: http://www.metasploit.com/modules/exploit/windows/http/amlibweb_webquerydll_app OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 14:23:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 23:23:31 +0200 Subject: [SEC] [SA40809] Intellinet Pro Series Network Camera Authentication Bypass Vulnerability Message-ID: <201008062123.o76LNV4p027067@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Intellinet Pro Series Network Camera Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA40809 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40809/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40809 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40809/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40809/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40809 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Intellinet Pro Series Network Camera, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the authentication mechanism, which can be exploited to gain access to the "main_configure.cgi" script without authentication by setting the "user_auth_level" cookie to "43". SOLUTION: Restrict network access to the administration interface. PROVIDED AND/OR DISCOVERED BY: Magnefikko OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 14:46:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 6 Aug 2010 23:46:43 +0200 Subject: [SEC] [SA40877] D-Link WBR-2310 RangeBooster G Router HTTP Denial of Service Vulnerability Message-ID: <201008062146.o76LkhhQ015543@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: D-Link WBR-2310 RangeBooster G Router HTTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40877 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40877/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40877 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40877/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40877/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40877 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Rodrigo Escobar has reported a vulnerability in D-Link WBR-2310 RangeBooster G Router, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing HTTP GET requests with an overly long path, which can be exploited to crash the vulnerable device via specially crafted HTTP requests. The vulnerability is reported in hardware version A1 running software version 1.04. Other versions may also be affected. SOLUTION: Filter malicious requests using a firewall. PROVIDED AND/OR DISCOVERED BY: Rodrigo Escobar, DcLabs ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-08/0022.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 15:12:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 00:12:59 +0200 Subject: [SEC] [SA40875] Hulihan BXR Multiple Vulnerabilities Message-ID: <201008062212.o76MCxWN004274@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Hulihan BXR Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40875 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40875/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40875 RELEASE DATE: 2010-08-06 DISCUSS ADVISORY: http://secunia.com/advisories/40875/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40875/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40875 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported multiple vulnerabilities in Hulihan BXR, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery and SQL injection attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. 2) Input passed to the "setting[site_title]" parameter in settings/update_settings, "search[query]" parameter in search/show_results and "Tag 1" parameter in file/do_the_upload is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "order_by" parameter to folder/list is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 0.6.8. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22503, HTB22504, HTB22505, HTB22506, HTB22507): http://www.htbridge.ch/advisory/xsrf_csrf_in_bxr.html http://www.htbridge.ch/advisory/xss_vulnerability_in_bxr.html http://www.htbridge.ch/advisory/xss_vulnerability_in_bxr_search.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_bxr.html http://www.htbridge.ch/advisory/xss_vulnerability_in_bxr_1.html Hulihan BXR: http://dev.hulihanapplications.com/issues/show/201 http://dev.hulihanapplications.com/issues/show/203 http://dev.hulihanapplications.com/issues/show/204 http://dev.hulihanapplications.com/issues/show/205 http://dev.hulihanapplications.com/issues/show/206 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 15:45:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 00:45:49 +0200 Subject: [SEC] [SA40860] Debian update for php5 Message-ID: <201008062245.o76Mjnlv025575@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Debian update for php5 SECUNIA ADVISORY ID: SA40860 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40860/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40860 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40860/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40860/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40860 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for php5. This fixes a weakness and two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and potentially compromise a vulnerable system. For more information: SA39675 SA40268 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2089-1: http://lists.debian.org/debian-security-announce/2010/msg00134.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 16:13:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 01:13:19 +0200 Subject: [SEC] [SA40862] IBM WebSphere Service Registry and Repository Two Cross-Site Scripting Vulnerabilities Message-ID: <201008062313.o76NDJgU014264@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: IBM WebSphere Service Registry and Repository Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40862 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40862/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40862 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40862/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40862/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40862 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "searchTerm" parameter in ServiceRegistry/HelpSearch.do and to the "queryItems[0].value" parameter in ServiceRegistry/QueryWizardProcessStep1.do (when "queryConditionGroupType" is set to "AND") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 6.3. SOLUTION: Apply APAR IZ75984. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IZ75984, IZ76926): http://www-01.ibm.com/support/docview.wss?uid=swg1IZ76926 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 16:44:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 01:44:33 +0200 Subject: [SEC] [SA40898] Frigate FTP Client Directory Download Directory Traversal Vulnerability Message-ID: <201008062344.o76NiX2c003093@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Frigate FTP Client Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40898 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40898/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40898 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40898/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40898/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40898 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Frigate Standard and Professional, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error within the included FTP client when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in Frigate Standard and Professional version 3.36 (3.36.0.9). Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_in_frigate_3_built_in_ftp_client.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 17:11:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 02:11:31 +0200 Subject: [SEC] [SA40899] SmartFTP Directory Download Directory Traversal Vulnerability Message-ID: <201008070011.o770BVBh024147@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: SmartFTP Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40899 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40899/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40899 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40899/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40899/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40899 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SmartFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is reported in version 4.0 Build 1124. Other versions may also be affected. SOLUTION: Update to version 4.0 Build 1133. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: SmartFTP: http://www.smartftp.com/forums/index.php?/topic/16425-smartftp-client-40-change-log/ High-Tech Bridge SA: http://www.htbridge.ch/advisory/directory_traversal_in_smartftp.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 17:44:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 02:44:29 +0200 Subject: [SEC] [SA40873] Hulihan DiamondList Cross-Site Request Forgery Vulnerability Message-ID: <201008070044.o770iTMZ013056@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Hulihan DiamondList Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40873 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40873/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40873 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40873/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40873/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40873 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in DiamondList, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrative password or change site configuration by tricking a logged in administrative user into visiting a malicious web site. NOTE: This may further be used to conduct script insertion attacks. The vulnerability is confirmed in version 0.1.6. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: Hulihan: http://dev.hulihanapplications.com/issues/show/211 http://dev.hulihanapplications.com/issues/show/212 http://dev.hulihanapplications.com/issues/show/213 High-Tech Bridge SA: http://www.htbridge.ch/advisory/xsrf_csrf_in_diamondlist.html http://www.htbridge.ch/advisory/xss_vulnerability_in_diamondlist.html http://www.htbridge.ch/advisory/xss_vulnerability_in_diamondlist_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 18:09:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 03:09:19 +0200 Subject: [SEC] [SA40901] FTP Explorer Directory Download Directory Traversal Vulnerability Message-ID: <201008070109.o7719JaL001561@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: FTP Explorer Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40901 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40901/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40901 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40901/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40901/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40901 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTP Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 10.5.19 build 001. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_in_ftp_explorer.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 18:23:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 03:23:12 +0200 Subject: [SEC] [SA40903] Foxit Reader FreeType2 CFF Font Parsing Vulnerability Message-ID: <201008070123.o771NCT8022076@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Foxit Reader FreeType2 CFF Font Parsing Vulnerability SECUNIA ADVISORY ID: SA40903 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40903/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40903 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40903/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40903/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40903 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the use of vulnerable FreeType2 code. For more information: SA40816 SOLUTION: Update to version 4.1.1. ORIGINAL ADVISORY: http://www.foxitsoftware.com/pdf/reader/bugfix.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 18:44:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 03:44:25 +0200 Subject: [SEC] [SA40849] Red Hat update for freetype2 Message-ID: <201008070144.o771iPZj010458@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Red Hat update for freetype2 SECUNIA ADVISORY ID: SA40849 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40849/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40849 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40849/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40849/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40849 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype2. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA40816 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010-0607: https://rhn.redhat.com/errata/RHSA-2010-0607.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 19:14:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 04:14:24 +0200 Subject: [SEC] [SA40900] FTPRush Directory Download Directory Traversal Vulnerability Message-ID: <201008070214.o772EOu4032118@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: FTPRush Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40900 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40900/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40900 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40900/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40900/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40900 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTPRush, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in FTPRush version 1.1.3. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge AS ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_in_ftp_rush.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 19:44:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 04:44:05 +0200 Subject: [SEC] [SA40804] Oracle Siebel Option Pack for IE ActiveX Control Vulnerability Message-ID: <201008070244.o772i5fQ020892@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Oracle Siebel Option Pack for IE ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA40804 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40804/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40804 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40804/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40804/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40804 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Will Dormann has reported a vulnerability in Oracle Siebel Option Pack for IE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to memory used by the "NewBusObj()" method not being properly initialised and can be exploited via a specially crafted web page. Successful exploitation may allow execution of arbitrary code. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC. ORIGINAL ADVISORY: US-CERT VU#174089: http://www.kb.cert.org/vuls/id/174089 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 20:10:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 05:10:08 +0200 Subject: [SEC] [SA40896] DT Centrepiece Cross-Site Scripting and Security Bypass Vulnerabilities Message-ID: <201008070310.o773A8d4009491@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: DT Centrepiece Cross-Site Scripting and Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA40896 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40896/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40896 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40896/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40896/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40896 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in DT Centrepiece, which can be exploited by malicious users to perform certain actions with escalated privileges and malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. 1) Input passed via the "searchFor" parameter to search.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "c" parameter to login.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "user" parameter to register.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) An error in the application uses predictable values to validate a user registration and can be exploited to register and validate arbitrary users. Successful exploitation of this vulnerability requires that "Register Mode" is set to "UserEmail". 5) An error in the application allows access to other user accounts by checking if the "_Remember_Username" cookie is a username of a valid user and can be exploited to e.g. gain privileges of another user. The vulnerabilities are confirmed in version 4.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_dt_centrepiece.html http://www.htbridge.ch/advisory/xss_vulnerability_in_dt_centrepiece_1.html http://www.htbridge.ch/advisory/xss_vulnerability_in_dt_centrepiece_2.html http://www.htbridge.ch/advisory/application_logic_error_in_dt_centrepiece.html http://www.htbridge.ch/advisory/application_logic_error_in_dt_centrepiece_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 20:23:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 05:23:32 +0200 Subject: [SEC] [SA40816] FreeType2 Multiple Vulnerabilities Message-ID: <201008070323.o773NWT0029926@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: FreeType2 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40816 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40816/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40816 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40816/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40816/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40816 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FreeType2, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. 1) Two vulnerabilities are caused due to errors when processing certain opcodes of Compact Font Format (CFF) fonts, which can be exploited to cause a stack corruption by tricking a user into processing a specially crafted CFF font in an application using the library. This is related to: SA40807 2) A boundary error exists within the "Mac_Read_POST_Resource()" function in src/base/ftobjs.c when processing certain Adobe Type 1 Mac Font File (LWFN) fonts, which can be exploited to cause a heap-based buffer overflow by tricking a user into processing a specially crafted LWFN font in an application using the library. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: 1) comex, disclosed via jailbreakme.com. Additional information provided by Braden Thomas, Apple Product Security Team. 2) Robert Swiecki ORIGINAL ADVISORY: 1) http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=018f5c27813dd7eef4648fe254632ecea0c85a50 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=11d65e8a1f1f14e56148fd991965424d9bd1cdbc 2) http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=81f3472c0ba7b8f6466e2e214fa8c1c17fade975 https://savannah.nongnu.org/bugs/?30658 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 20:44:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 05:44:58 +0200 Subject: [SEC] [SA40892] Bugzilla Multiple Weaknesses and Vulnerability Message-ID: <201008070344.o773iwUa018328@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Bugzilla Multiple Weaknesses and Vulnerability SECUNIA ADVISORY ID: SA40892 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40892/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40892 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40892/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40892/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40892 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple weaknesses and a vulnerability have been reported in Bugzilla, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information 1) A weakness in the boolean charts search interface can be exploited to disclose other users' group membership. 2) A weakness in the "Reports" and "Duplicates" pages can be exploited to disclose confidential product names. 3) An error when processing bug comments can be exploited to prevent viewing bug entries via an overly large integer value in a comment field. Successful exploitation requires valid credentials and the application configured to use the PostgreSQL database. 4) A weakness within the "sudo" feature can be exploited to bypass the notification to the target user via a specially crafted cookie. Successful exploitation requires the "sudo" permissions. The weaknesses and the vulnerability are reported in versions prior to 3.2.8, prior to 3.4.8, prior to 3.6.2, and prior to 3.7.3. SOLUTION: Update to version 3.2.8, 3.4.8, 3.6.2, and 3.7.3 or apply patches (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: 1, 2) The vendor credits Frederic Buclin. 3) The vendor credits Slava Buhtiarov. 4) The vendor credits Bradley Baetz. ORIGINAL ADVISORY: http://www.bugzilla.org/security/3.2.7/ https://bugzilla.mozilla.org/show_bug.cgi?id=417048 https://bugzilla.mozilla.org/show_bug.cgi?id=577139 https://bugzilla.mozilla.org/show_bug.cgi?id=583690 https://bugzilla.mozilla.org/show_bug.cgi?id=450013 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 21:09:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 06:09:31 +0200 Subject: [SEC] [SA40876] Open Blog Cross-Site Request Forgery Vulnerability Message-ID: <201008070409.o7749VvL006872@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Open Blog Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40876 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40876/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40876 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40876/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40876/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40876 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Open Blog, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. assign a user administrative privileges or change an administrator's password by tricking a logged in administrative user into visiting a malicious web site. NOTE: This may further be used to conduct script insertion attacks. The vulnerability is confirmed in version 1.2.1. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xsrf_csrf_in_open_blog.html http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog.html http://www.htbridge.ch/advisory/xss_vulnerability_in_open_blog_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 21:23:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 06:23:22 +0200 Subject: [SEC] [SA40711] Novell Sentinel Log Manager Unauthorised File Deletion Vulnerability Message-ID: <201008070423.o774NMGk027312@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Novell Sentinel Log Manager Unauthorised File Deletion Vulnerability SECUNIA ADVISORY ID: SA40711 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40711/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40711 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40711/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40711/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40711 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sentinel Log Manager, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to insufficient access checks when granting access to protected files owned by the user, who owns the install (usually "novell"). This can be exploited by an unauthenticated person with HTTP access to delete arbitrary files containing an underscore in the name. SOLUTION: Update to version 1.1.0.2 (1.1 Hot Fix 2). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits 1c239c43f521145fa8385d64a9c32243 via ZDI. ORIGINAL ADVISORY: Novell: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5078470.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 21:44:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 06:44:17 +0200 Subject: [SEC] [SA40894] Ubuntu update for pcsc-lite Message-ID: <201008070444.o774iHKg015691@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Ubuntu update for pcsc-lite SECUNIA ADVISORY ID: SA40894 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40894 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40894/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40894/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40894 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for pcsc-lite. This fixes multiple vulnerabilities, which can potentially be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. For more information: SA35500 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-969-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001136.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 6 22:09:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 07:09:16 +0200 Subject: [SEC] [SA40887] Nuked-Klan Partenaires Module "id" SQL Injection Vulnerability Message-ID: <201008070509.o7759GHK004254@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Nuked-Klan Partenaires Module "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40887 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40887/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40887 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40887/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40887/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40887 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Partenaires module for Nuked-Klan, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to modules/Partenaires/clic.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Metropolis OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 7 10:29:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 19:29:18 +0200 Subject: [SEC] [SA40885] Red Hat update for kernel Message-ID: <201008071729.o77HTIHx025027@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA40885 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40885/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40885 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40885/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40885/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40885 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA38499 1) Errors within the implementation of the External Data Representation (XDR) for NFSv4 can be exploited to cause a kernel panic and potentially execute arbitrary code by sending specially crafted compound requests to the NFSv4 server. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010-0606: http://rhn.redhat.com/errata/RHSA-2010-0606.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 7 11:29:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 20:29:34 +0200 Subject: [SEC] [SA40889] Ubuntu base-files Dell Latitude 2110 Unauthenticated Package Installation Message-ID: <201008071829.o77ITYFM015174@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Ubuntu base-files Dell Latitude 2110 Unauthenticated Package Installation SECUNIA ADVISORY ID: SA40889 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40889/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40889 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40889/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40889/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40889 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Canonical has acknowledged a vulnerability in Ubuntu, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused due to the Ubuntu image shipped with Dell Latitude 2110 systems being configured to allow package installations without properly authenticating the package. This can be exploited to e.g. execute arbitrary code with root privileges by modifying packages via Man-in-the-Middle (MitM) attacks or by compromising an Ubuntu archive mirror. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: USN-968-1: http://www.ubuntu.com/usn/usn-968-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 7 12:29:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 21:29:13 +0200 Subject: [SEC] [SA40902] Prado Portal "page" Cross-Site Scripting Vulnerability Message-ID: <201008071929.o77JTDqF005291@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Prado Portal "page" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40902 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40902/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40902 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40902/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40902/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40902 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Prado Portal, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "page" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22515: http://www.htbridge.ch/advisory/xss_vulnerability_in_prado_portal.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 7 13:30:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 22:30:08 +0200 Subject: [SEC] [SA38690] Autonomy Keyview Multiple Vulnerabilities Message-ID: <201008072030.o77KU87A027859@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Autonomy Keyview Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38690 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/38690/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=38690 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/38690/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/38690/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=38690 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) A boundary error when parsing records in compound documents can be exploited to cause a heap-based buffer overflow by tricking a user into viewing e.g. a specially crafted Quattro Pro file. 2) A boundary error in the SpreadSheet Lotus 123 reader (wkssr.dll) when converting floating point values can be exploited to cause a stack-based buffer overflow. 3) Two boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records can be exploited to cause stack-based buffer overflows. 4) An error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record can be exploited to corrupt heap memory when later parsing strings in a specially crafted file. 5) An integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a certain record can be exploited to cause a buffer overflow. 6) A signedness error in the RTF reader (rtfsr.dll) when parsing the argument to the "\ls" keyword within a list override table entry in RTF files can be exploited to cause a buffer overflow. 7) A boundary error in the WordPerfect 5 reader (wosr.dll) when parsing data blocks can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 10.4 and 10.9. Other versions may also be affected. SOLUTION: Apply patches for versions 10.10, 10.9, 10.8, 10.5, 10.4, 10.3, 9.2, and 7.4. PROVIDED AND/OR DISCOVERED BY: 1-5) Carsten Eiram, Secunia Research. 6-7) Dyon Balding, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-16/ http://secunia.com/secunia_research/2010-23/ http://secunia.com/secunia_research/2010-27/ http://secunia.com/secunia_research/2010-28/ http://secunia.com/secunia_research/2010-31/ http://secunia.com/secunia_research/2010-35/ http://secunia.com/secunia_research/2010-49/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 7 14:23:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 7 Aug 2010 23:23:03 +0200 Subject: [SEC] [SA40718] Debian update for gnupg2 Message-ID: <201008072123.o77LN3CB017682@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Debian update for gnupg2 SECUNIA ADVISORY ID: SA40718 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40718/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40718 RELEASE DATE: 2010-08-07 DISCUSS ADVISORY: http://secunia.com/advisories/40718/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40718/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40718 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for gnupg2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA38877 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2076-1: http://www.us.debian.org/security/2010/dsa-2076 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 10:29:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Aug 2010 19:29:25 +0200 Subject: [SEC] [SA40919] ZNC Denial of Service Vulnerabilities Message-ID: <201008091729.o79HTPBg027057@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: ZNC Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40919 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40919/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40919 RELEASE DATE: 2010-08-09 DISCUSS ADVISORY: http://secunia.com/advisories/40919/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40919/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40919 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ZNC, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to ZNC not correctly handling certain exceptions related to "substr()" calls, which can be exploited to crash ZNC by e.g. sending a "PING" command without parameters or connecting to a malicious IRC server. The vulnerabilities are reported in version 0.092. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Reported within the PING handling by Sm0ke0ut. Additional information by the vendor. ORIGINAL ADVISORY: http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093 http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 11:28:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Aug 2010 20:28:57 +0200 Subject: [SEC] [SA40854] Debian update for cabextract Message-ID: <201008091828.o79ISv15017180@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Debian update for cabextract SECUNIA ADVISORY ID: SA40854 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40854/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40854 RELEASE DATE: 2010-08-09 DISCUSS ADVISORY: http://secunia.com/advisories/40854/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40854/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40854 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for cabextract. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of cabinate files and can potentially be exploited to execute arbitrary code. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: DSA-2087-1: http://www.us.debian.org/security/2010/dsa-2087 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 12:28:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Aug 2010 21:28:35 +0200 Subject: [SEC] [SA40920] Tycoon Baseball Script "game_id" SQL Injection Vulnerability Message-ID: <201008091928.o79JSZgl007331@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Tycoon Baseball Script "game_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40920 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40920/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40920 RELEASE DATE: 2010-08-09 DISCUSS ADVISORY: http://secunia.com/advisories/40920/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40920/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40920 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Tycoon Baseball Script, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "game_id" parameter to index.php (when "mode" is set to "game_player") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Silic0n OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 13:27:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Aug 2010 22:27:43 +0200 Subject: [SEC] [SA40926] Joomla! cgTestimonial Component Cross-Site Scripting and Arbitrary File Upload Message-ID: <201008092027.o79KRhCY029848@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Joomla! cgTestimonial Component Cross-Site Scripting and Arbitrary File Upload SECUNIA ADVISORY ID: SA40926 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40926/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40926 RELEASE DATE: 2010-08-09 DISCUSS ADVISORY: http://secunia.com/advisories/40926/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40926/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40926 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered some vulnerabilities in the cgTestimonial component for Joomla!, which can be exploited by malicious users and malicious people to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "url" parameter in components/com_cgtestimonial/video.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site. 2) An error in the components/com_cgtestimonial/cgtestimonial.php script allows upload of files with arbitrary extensions to a folder inside the web root. This can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an "image/jpg" content type. 3) An error in the administrator/components/com_cgtestimonial/testimonial.php script allows upload of files with arbitrary extensions to a folder inside the web root. This can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an "image/jpg" content type. Successful exploitation of this vulnerability requires "Public Back-end" permissions. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to the components/com_cgtestimonial/user_images directory (e.g. via .htaccess) PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/cgTestimonial_2.2_Joomla_Component_Multiple_Remote_Vulnerabilities-06082010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 14:21:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Aug 2010 23:21:24 +0200 Subject: [SEC] [SA40884] Babiloo Insecure Temporary Files Security Issue Message-ID: <201008092121.o79LLOJv019712@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Babiloo Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA40884 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40884/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40884 RELEASE DATE: 2010-08-09 DISCUSS ADVISORY: http://secunia.com/advisories/40884/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40884/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40884 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in Babiloo, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application creating temporary files in an insecure manner when downloading online dictionaries. This can be exploited to e.g. overwrite arbitrary files with the privileges of the user running Babiloo via symlink attacks. The security issue is confirmed in version 2.0.9 on a Linux system. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by Jakub Wilk in a Debian bug. ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=591995 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 14:42:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Aug 2010 23:42:30 +0200 Subject: [SEC] [SA40906] OpenSSL "ssl3_get_key_exchange()" Use-After-Free Vulnerability Message-ID: <201008092142.o79LgU83008120@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: OpenSSL "ssl3_get_key_exchange()" Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA40906 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40906 RELEASE DATE: 2010-08-09 DISCUSS ADVISORY: http://secunia.com/advisories/40906/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40906/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40906 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to a use-after-free error within the "ssl3_get_key_exchange()" function in ssl/s3_clnt.c and can be exploited by e.g. tricking a client into connecting to a malicious server. The vulnerability is confirmed in version 1.0.0a. Other versions may also be affected. SOLUTION: Connect to trusted servers only. PROVIDED AND/OR DISCOVERED BY: Georgi Guninski ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 14:59:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 9 Aug 2010 23:59:48 +0200 Subject: [SEC] [SA40914] Debian update for socat Message-ID: <201008092159.o79LxmHX028834@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Debian update for socat SECUNIA ADVISORY ID: SA40914 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40914/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40914 RELEASE DATE: 2010-08-09 DISCUSS ADVISORY: http://secunia.com/advisories/40914/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40914/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40914 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for socat. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA40806 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2090-1: http://lists.debian.org/debian-security-announce/2010/msg00135.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 9 15:25:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 00:25:03 +0200 Subject: [SEC] [SA40924] RSA enVision Denial of Service Vulnerability Message-ID: <201008092225.o79MP3dP017428@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: RSA enVision Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40924 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40924/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40924 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40924/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40924/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40924 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RSA enVision, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an input validation error. No further information is currently available. The vulnerability is reported in versions prior to 3.7 SP1. SOLUTION: Update to version 3.7 SP1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Abdoul Karim Ganame. ORIGINAL ADVISORY: ESA-2010-013: http://archives.neohapsis.com/archives/bugtraq/2010-08/0091.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 10:27:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 19:27:57 +0200 Subject: [SEC] [SA40932] Joomla! Amblog Component "catid" and "articleid" SQL Injection Vulnerabilities Message-ID: <201008101727.o7AHRvfK024577@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Joomla! Amblog Component "catid" and "articleid" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40932 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40932/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40932 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40932/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40932/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40932 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered some vulnerabilities in the Amblog component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "catid" parameter to index.php (when "option" is set to "com_amblog" and "view" is set to "amblog") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "catid" parameter to index.php (when "option" is set to "com_amblog" and "task" is set to "newform") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via the "articleid" parameter to index.php (when "option" is set to "com_amblog" and "task" is set to "article", "editform", "editcommentform", "savenewcomment", "saveeditcomment", "editsave", or "delete") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/Amblog_1.0_Joomla_Component_Multiple_SQL_Injection_Vulnerabilities-10082010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 11:29:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 20:29:07 +0200 Subject: [SEC] [SA40893] Microsoft XML Core Services HTTP Response Handling Vulnerability Message-ID: <201008101829.o7AIT7pq014789@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft XML Core Services HTTP Response Handling Vulnerability SECUNIA ADVISORY ID: SA40893 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40893/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40893 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40893/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40893/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40893 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the handling of HTTP responses and can be exploited to corrupt memory e.g. if a user visits a specially crafted web page using Internet Explorer. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits SkyLined, Google Inc. ORIGINAL ADVISORY: MS10-051 (KB2079403): http://www.microsoft.com/technet/security/Bulletin/MS10-051.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 12:37:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 21:37:11 +0200 Subject: [SEC] [SA40935] Microsoft Windows SMB Server Multiple Vulnerabilities Message-ID: <201008101937.o7AJbBmq025736@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows SMB Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40935 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40935/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40935 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40935/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40935/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40935 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error when validating certain Server Message Block (SMB) fields can be exploited to cause a SMB pool overflow via a specially crafted packet to a system running the Server service. Successful exploitation may allow execution of arbitrary code. 2) A variable validation error when parsing Server Message Block (SMB) packets can be exploited to cause a system running the Server service to stop responding via a specially crafted SMB packet. 3) An error when handling Server Message Block (SMB) version 2 compounded requests can be exploited to cause a system running the Server service to stop responding via a specially crafted SMB packet. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Laurent Gaffie, stratsec. 2) Reported by the vendor. 3) The vendor credits Todd Wease and Richard Johnson of Sourcefire VRT and Riku Hietamaki and Joshua Morin of Codenomicon. ORIGINAL ADVISORY: MS10-054 (KB982214): http://www.microsoft.com/technet/security/Bulletin/MS10-054.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 13:27:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 22:27:34 +0200 Subject: [SEC] [SA40817] Microsoft Windows Tracing Feature for Services Privilege Escalation Message-ID: <201008102027.o7AKRY0w013596@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows Tracing Feature for Services Privilege Escalation SECUNIA ADVISORY ID: SA40817 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40817/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40817 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40817/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40817/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40817 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. 1) Insecure permissions are set for the Tracing Feature for Services registry keys. This can be exploited to manipulate certain registry keys and gain LocalSystem privileges by changing subkeys in "HKLM\Software\Microsoft\Tracing". 2) An error in the Tracing Feature for Services can be exploited to corrupt memory via overly long strings read from the registry and can be exploited to execute arbitrary code with system-level privileges. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Cesar Cerrudo, Argeniss. 2) The vendor credits Cesar Cerrudo, Argeniss. ORIGINAL ADVISORY: MS10-059 (KB982799): http://www.microsoft.com/technet/security/Bulletin/MS10-059.mspx Argeniss: http://www.argeniss.com/research/TokenKidnappingRevengePaper.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 14:21:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 23:21:31 +0200 Subject: [SEC] [SA40878] Microsoft Windows win32k.sys Driver Denial of Service and Privilege Escalation Message-ID: <201008102121.o7ALLVPa003483@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA40878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40878 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. 1) Improper validation of an argument passed to a system call in win32k.sys can be exploited to cause a vulnerable system to become unresponsive and restart. 2) An error in the exception handling in win32k.sys can be exploited to execute arbitrary code in kernel-mode. 3) Memory is not properly allocated by win32k.sys when copying data from user mode, which can be exploited to cause a pool overflow and execute arbitrary code in kernel-mode. 4) Improper validation of input passed from user mode in win32k.sys can be exploited to execute arbitrary code in kernel-mode. 5) Pseudo handles in callback parameters when creating a new window are not properly validated by win32k.sys, which can be exploited to execute arbitrary code in kernel-mode. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Tavis Ormandy, Google. 2) Reported by the vendor. 3,4) The vendor credits Matthieu Suiche, MoonSols. 5) The vendor credits Nicolas Economou, Core Security Technologies. ORIGINAL ADVISORY: MS10-048 (KB2160329): http://www.microsoft.com/technet/security/Bulletin/MS10-048.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 14:42:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 23:42:17 +0200 Subject: [SEC] [SA40936] Microsoft Windows Cinepak Codec Decompression Vulnerability Message-ID: <201008102142.o7ALgH0N024277@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows Cinepak Codec Decompression Vulnerability SECUNIA ADVISORY ID: SA40936 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40936 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40936/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40936/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40936 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the Cinepak codec (iccvid.dll) within the "CVDecompress()" function when processing RGB palette data and can be exploited via a specially crafted VIDC compressed stream in an AVI file. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: An anonymous person, reported via ZDI. ORIGINAL ADVISORY: MS10-055 (KB982665): http://www.microsoft.com/technet/security/Bulletin/MS10-055.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-148/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 14:59:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 10 Aug 2010 23:59:20 +0200 Subject: [SEC] [SA40937] Microsoft Office Word Multiple Vulnerabilities Message-ID: <201008102159.o7ALxKVT012603@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Office Word Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40937 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40937/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40937 RELEASE DATE: 2010-08-10 DISCUSS ADVISORY: http://secunia.com/advisories/40937/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40937/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40937 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error when parsing records can be exploited to corrupt memory via a specially crafted Word file. 2) An error when handling certain properties of rich text data can be exploited to corrupt memory via a specially crafted RTF file. 3) An error when parsing certain properties of rich text data can be exploited to cause a buffer overflow via a specially crafted RTF file. 4) An error when handling HTML linked objects can be exploited to corrupt memory via a specially crafted Word file. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits L.W.Z of team509 via ZDI. 2) The vendor credits Wushi of team509 via VeriSign iDefense Labs. 3) The vendor credits team509 via iDefense. 4) The vendor credits Rodrigo Rubira Branco, Check Point IPS Research. ORIGINAL ADVISORY: MS10-056 (KB2092914, KB2251389, KB2251399, KB2251419, KB2251437, KB2269638, KB2277947, KB2284162, KB2284171, KB2284179): http://www.microsoft.com/technet/security/Bulletin/MS10-056.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 15:25:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 00:25:27 +0200 Subject: [SEC] [SA40934] Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow Message-ID: <201008102225.o7AMPRiN001180@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows MPEG Layer-3 Audio Decoder Buffer Overflow SECUNIA ADVISORY ID: SA40934 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40934/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40934 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40934/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40934/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40934 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the Microsoft DirectShow MP3 filter (l3codecx.ax) when parsing MPEG Layer-3 audio streams and can be exploited to cause a heap-based buffer overflow via a specially crafted audio file. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Moritz Jodeit of n.runs, reported via ZDI. ORIGINAL ADVISORY: MS10-052 (KB2115168): http://www.microsoft.com/technet/security/Bulletin/MS10-052.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-147/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 15:44:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 00:44:09 +0200 Subject: [SEC] [SA40904] Windows TCP/IP Implementation Denial of Service and Privilege Escalation Message-ID: <201008102244.o7AMi9hn021941@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Windows TCP/IP Implementation Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA40904 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40904/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40904 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40904/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40904/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40904 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service). 1) An error in the TCP/IP stack can be exploited via a small number of IPv6 packets with specially crafted extension headers to cause a vulnerable system to stop responding. Successful exploitation requires that IPv6 features are enabled (enabled by default in Windows Vista and Windows Server 2008). 2) An integer overflow error in the TCP/IP stack when processing a specific input buffer can be exploited by a local user to execute arbitrary code with system-level privileges. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Darren Willis, Fourteenforty Research Institute. 2) The vendor credits Matthieu Suiche, MoonSols. ORIGINAL ADVISORY: MS10-058 (KB978886): http://www.microsoft.com/technet/security/bulletin/ms10-058.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 16:11:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 01:11:30 +0200 Subject: [SEC] [SA40895] Microsoft Internet Explorer Multiple Vulnerabilities Message-ID: <201008102311.o7ANBUnG010632@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40895 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40895/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40895 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40895/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40895/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40895 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information or compromise a user's system. 1) The application incorrectly interprets the origin of scripts, which can be exploited to gain access to a browser windows in another domain or Internet Explorer zone. Successful exploitation requires certain user interaction with the browser window. 2) An error when attempting to access uninitialised or deleted objects can be exploited to corrupt memory. 3) An error when attempting to access uninitialised or deleted objects can be exploited to corrupt memory. This vulnerability affects Internet Explorer 6 only. 4) A race condition error when accessing objects can be exploited to corrupt memory. 5) An error when exists when attempting to access uninitialised memory related to HTML layouts and can be exploited to corrupt memory. 6) Another error when attempting to access uninitialised or deleted objects can be exploited to corrupt memory. This vulnerability affects Internet Explorer 8 only. Vulnerabilities #2 through #6 may allow execution of arbitrary code e.g. when a user views a specially crafted web page. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) David Bloom, Google. 2-5) Nicolas Joly, Vupen 6) Gambino ZaDarkSide ORIGINAL ADVISORY: MS10-053 (KB2183461): http://www.microsoft.com/technet/security/Bulletin/MS10-053.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 16:45:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 01:45:12 +0200 Subject: [SEC] [SA40879] Microsoft Windows SChannel Two Vulnerabilities Message-ID: <201008102345.o7ANjCpa032007@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows SChannel Two Vulnerabilities SECUNIA ADVISORY ID: SA40879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40879 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to manipulate certain data or to compromise a vulnerable system. 1) An unspecified error exists in SChannel when processing certificate request messages on a client machine. This may be exploited to execute arbitrary code e.g. when a user visits a specially crafted web site. 2) An error in the TLS and SSL protocols while handling session renegotiations can be exploited to manipulate certain data. For more information: SA38365 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) Marsh Ray and Steve Dispensa, PhoneFactor. ORIGINAL ADVISORY: MS10-049 (KB980436): http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx Microsoft: http://www.microsoft.com/technet/security/advisory/977377.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 17:11:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 02:11:28 +0200 Subject: [SEC] [SA40871] Microsoft Windows Kernel Denial of Service and Privilege Escalation Message-ID: <201008110011.o7B0BSup020667@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows Kernel Denial of Service and Privilege Escalation SECUNIA ADVISORY ID: SA40871 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40871/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40871 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40871/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40871/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40871 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. 1) A race condition error in the kernel when handling certain thread creation attempts may allow execution of arbitrary code in kernel mode. 2) A double-free error in the kernel when initialising objects while handling certain errors may allow execution of arbitrary code in kernel mode. 3) An error in the kernel when validating access control lists on kernel objects can be exploited to cause a vulnerable system to become unresponsive and restart. NOTE: Windows XP Professional x64 Edition SP2 is not affected by any of the vulnerabilities. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Tavis Ormandy, Google. ORIGINAL ADVISORY: MS10-047 (KB981852): http://www.microsoft.com/technet/security/bulletin/MS10-047.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 17:44:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 02:44:32 +0200 Subject: [SEC] [SA40872] Microsoft .NET Framework / Silverlight Code Execution Vulnerabilities Message-ID: <201008110044.o7B0iWFm009618@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft .NET Framework / Silverlight Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA40872 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40872/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40872 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40872/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40872/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40872 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft .NET Framework and Silverlight, which can be exploited by malicious people to compromise a vulnerable system. 1) An error in the way Silverlight handles pointers can be exploited to corrupt memory by tricking a user into visiting a web site containing specially crafted Silverlight content. Successful exploitation allows execution of arbitrary code. NOTE: This vulnerability affects Silverlight 3 only. 2) An error in the .NET Framework when the CLR (Common Language Runtime) handles delegates to virtual methods can be exploited by a specially crafted .NET application or Silverlight application to execute arbitrary unmanaged code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Carsten Book, Mozilla Corporation. 2) The vendor credits Eamon Nerbonne. ORIGINAL ADVISORY: MS10-060 (KB978464, KB982926, KB983582, KB983583, KB983587, KB983588, KB983589, KB983590, KB2265906): http://www.microsoft.com/technet/security/bulletin/MS10-060.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 18:09:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 03:09:18 +0200 Subject: [SEC] [SA38931] Microsoft Windows Movie Maker String Parsing Buffer Overflow Message-ID: <201008110109.o7B19Ipw030590@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows Movie Maker String Parsing Buffer Overflow SECUNIA ADVISORY ID: SA38931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/38931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=38931 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/38931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/38931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=38931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in Windows Movie Maker, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to boundary errors when parsing strings in imported project files (.MSWMM) and can be exploited to cause a buffer overflow. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Dyon Balding, Secunia Research. ORIGINAL ADVISORY: MS10-050 (KB981997): http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx Secunia Research: http://secunia.com/secunia_research/2010-66/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 18:23:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 03:23:24 +0200 Subject: [SEC] [SA40891] Allinta Multiple Vulnerabilities Message-ID: <201008110123.o7B1NOdt018686@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Allinta Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40891 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40891/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40891 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40891/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40891/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40891 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Allinta, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "ss" and "lang_URL" parameters to languageselect.asp and "i" parameter to menuCodeAE.asp and faqAE.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "i" parameter to templatesAE.asp and contentAE.asp (when "m" is set to "edit") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. delete content from the website by tricking a logged in administrator into visiting a malicious website. NOTE: Vulnerabilities #1 and #2 can be used in conjunction with vulnerability #3. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites, or follow untrusted links while logged in to the application. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1, 2) HTBridge 3) An anonymous person ORIGINAL ADVISORY: HTB22528: http://www.htbridge.ch/advisory/xss_vulnerability_in_allinta_cms.html HTB22529: http://www.htbridge.ch/advisory/xss_vulnerability_in_allinta_cms_1.html HTB22530: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_allinta_cms.html HTB22531: http://www.htbridge.ch/advisory/xss_vulnerability_in_allinta_cms_2.html HTB22532: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_allinta_cms_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 18:44:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 03:44:09 +0200 Subject: [SEC] [SA40750] Microsoft Office Excel Unspecified Memory Corruption Vulnerability Message-ID: <201008110144.o7B1i9IB007078@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Unspecified Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA40750 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40750/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40750 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40750/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40750/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40750 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when parsing Excel files and can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Damian Frizza, Core Security Technologies. ORIGINAL ADVISORY: MS10-057 (KB2269707, KB2284162, KB2284171, KB2284179, KB2264397, KB2264403): http://www.microsoft.com/technet/security/bulletin/MS10-057.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 19:14:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 04:14:53 +0200 Subject: [SEC] [SA40850] FuseTalk "keyword" Cross-Site Scripting Vulnerability Message-ID: <201008110214.o7B2EraG028813@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: FuseTalk "keyword" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40850 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40850/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40850 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40850/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40850/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40850 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FuseTalk, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "keyword" parameter in usersearchresults.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in FuseTalk Enterprise Edition 3.2 (ColdFusion). Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Martin Hall ORIGINAL ADVISORY: http://www.thetestmanager.com/blog/2010/08/03/full-disclosure-multiple-xss-holes-in-fusetalk-forum-software/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 19:42:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 04:42:45 +0200 Subject: [SEC] [SA40933] Joomla! Teams Component "PlayerID" SQL Injection Vulnerability Message-ID: <201008110242.o7B2gjp4017534@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Joomla! Teams Component "PlayerID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40933 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40933/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40933 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40933/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40933/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40933 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered a vulnerability in the Teams component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "PlayerID" parameter to index.php (when "option" is set to "com_teams", "task" is set to "save", and "controller" is set to "player") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/Teams_1_1028_100809_1711_Joomla_Component_Multiple_Blind_SQL_Injection_Vulnerabilities-10082010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 19:54:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 04:54:35 +0200 Subject: [SEC] [SA40897] SiteLoom CMS "mailform_1" Cross-Site Scripting Vulnerability Message-ID: <201008110254.o7B2sZkq005507@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: SiteLoom CMS "mailform_1" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40897 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40897/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40897 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40897/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40897/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40897 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in SiteLoom CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "mailform_1" parameter in index.php (when "pageid" is set to a valid value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22516: http://www.htbridge.ch/advisory/xss_vulnerability_in_siteloom_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 20:07:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 05:07:55 +0200 Subject: [SEC] [SA40886] Ubuntu update for openldap Message-ID: <201008110307.o7B37tDs025983@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Ubuntu update for openldap SECUNIA ADVISORY ID: SA40886 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40886/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40886 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40886/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40886/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40886 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA40639 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-965-1: http://www.ubuntu.com/usn/usn-965-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 20:21:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 05:21:25 +0200 Subject: [SEC] [SA40888] Ubuntu update for w3m Message-ID: <201008110321.o7B3LP0i014044@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Ubuntu update for w3m SECUNIA ADVISORY ID: SA40888 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40888/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40888 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40888/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40888/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40888 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for w3m. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA40134 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-967-1 : http://www.ubuntu.com/usn/usn-967-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 10 20:42:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 05:42:30 +0200 Subject: [SEC] [SA40883] Microsoft Windows TLS/SSL Session Renegotiation Plaintext Injection Vulnerability Message-ID: <201008110342.o7B3gUlS002410@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows TLS/SSL Session Renegotiation Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA40883 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40883/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40883 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40883/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40883/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40883 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to an error in the TLS and SSL protocols while handling session renegotiations. This can be exploited via Man-in-the-Middle (MitM) attacks to insert arbitrary plaintext before data sent by a legitimate client in an existing TLS session. This is related to: SA37291 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Marsh Ray and Steve Dispensa, PhoneFactor. ORIGINAL ADVISORY: MS10-049 (KB980436): http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx Microsoft: http://www.microsoft.com/technet/security/advisory/977377.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 10:27:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 19:27:39 +0200 Subject: [SEC] [SA40825] Microsoft Windows Service Isolation Bypass Security Issue Message-ID: <201008111727.o7BHRdZD013128@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Microsoft Windows Service Isolation Bypass Security Issue SECUNIA ADVISORY ID: SA40825 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40825/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40825 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40825/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40825/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40825 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to an error in the Windows Service Isolation feature, which can be exploited by a process with NetworkService privileges to gain LocalSystem privileges. Successful exploitation requires e.g. that an attacker can control web content hosted on an IIS server or has SQL Server administrative privileges. SOLUTION: Do not run critical services with NetworkService privileges and apply the non-security update (please see the vendor advisories for details). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Cesar Cerrudo, Argeniss. ORIGINAL ADVISORY: Microsoft: http://www.microsoft.com/technet/security/advisory/2264072.mspx http://support.microsoft.com/kb/982316 http://support.microsoft.com/kb/2264072 Argeniss: http://argeniss.com/research/TokenKidnappingRevengePaper.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 11:27:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 20:27:36 +0200 Subject: [SEC] [SA40950] TYPO3 Questionnaire Extension Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201008111827.o7BIRa5S003299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: TYPO3 Questionnaire Extension Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40950 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40950/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40950 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40950/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40950/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40950 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Questionnaire extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 2.2.3. SOLUTION: Update to version 2.2.3 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Patrick Broens. ORIGINAL ADVISORY: TYPO3-SA-2010-015: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 12:27:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 21:27:51 +0200 Subject: [SEC] [SA40940] SopCast WebPlayer ActiveX Control "SetSopAddress" Buffer Overflow Vulnerability Message-ID: <201008111927.o7BJRp69025884@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: SopCast WebPlayer ActiveX Control "SetSopAddress" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40940 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40940/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40940 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40940/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40940/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40940 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sud0 has discovered a vulnerability in SopCast WebPlayer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in sopocx.ocx when handling the "ChannelName" property value and can be exploited to cause a stack-based buffer overflow via a specially crafted "sop://" URL string. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.2.9. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Sud0 ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-059-sopcast-unicode-bof-remote-exploit/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 13:27:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 22:27:38 +0200 Subject: [SEC] [SA40354] glpng PNG Processing Integer Overflow Vulnerabilities Message-ID: <201008112027.o7BKRcOp016046@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: glpng PNG Processing Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40354 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40354/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40354 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40354/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40354/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40354 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in glpng, which can be exploited by malicious people to compromise an application using the library. 1) An integer overflow error within the "pngLoadRawF()" function in glpng.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PNG file in an application using the library. 2) An integer overflow error within the "pngLoadF()" function in glpng.c can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PNG file in an application using the library. The vulnerabilities are confirmed in version 1.45. Other versions may also be affected. SOLUTION: Use another library. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-87/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 14:21:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 23:21:29 +0200 Subject: [SEC] [SA40910] Adobe Flash Media Server Multiple Vulnerabilities Message-ID: <201008112121.o7BLLTd5005929@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Adobe Flash Media Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40910 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40910/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40910 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40910/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40910/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40910 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Adobe Flash Media Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An unspecified error exists in a JS method, which can be exploited to cause a DoS. 2) An unspecified error exists in a JS method, which can be exploited to execute arbitrary code. 3) An unspecified error can be exploited to exhaust available resources and render a server unresponsive. 4) An input sanitation error can be exploited to cause a DoS. The vulnerabilities are reported in versions prior to 3.5.4 and 3.0.6. SOLUTION: Update to version 3.5.4 or 3.0.6. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Dirk Neely of Stickam. ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb10-19.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 14:42:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 11 Aug 2010 23:42:49 +0200 Subject: [SEC] [SA40951] TYPO3 Branchenbuch (Yellow Pages) Extension Cross-Site Scripting Vulnerability Message-ID: <201008112142.o7BLgnKG026770@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: TYPO3 Branchenbuch (Yellow Pages) Extension Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40951 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40951/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40951 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40951/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40951/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40951 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Branchenbuch (Yellow Pages) extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 0.9.1. SOLUTION: Update to version 0.9.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Marcus Krause, TYPO3 Security Team. ORIGINAL ADVISORY: TYPO3-SA-2010-015: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-015/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 15:01:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 00:01:25 +0200 Subject: [SEC] [SA40917] Google Chrome Update for Flash Plugin Message-ID: <201008112201.o7BM1PR0015170@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Google Chrome Update for Flash Plugin SECUNIA ADVISORY ID: SA40917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40917 RELEASE DATE: 2010-08-11 DISCUSS ADVISORY: http://secunia.com/advisories/40917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Google has issued an update for the Flash plugin for Google Chrome. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA40907 SOLUTION: Update to version 5.0.375.126. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/08/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 15:25:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 00:25:24 +0200 Subject: [SEC] [SA40939] Play Framework One File Disclosure Vulnerability Message-ID: <201008112225.o7BMPOdG003717@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Play Framework One File Disclosure Vulnerability SECUNIA ADVISORY ID: SA40939 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40939/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40939 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40939/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40939/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40939 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Play Framework, which can be exploited by malicious people to disclose sensitive information. Input passed via a request, e.g. after "public/", is not properly verified before being used to read files. This can be exploited to download arbitrary files from local resources via directory traversal sequences. Successful exploitation requires that the affected directory has "staticDir:public" mapping in "conf/routes". The vulnerability is confirmed in version 1.0.3.1. Other versions may also be affected. SOLUTION: Update to version 1.0.3.2. PROVIDED AND/OR DISCOVERED BY: kripthor ORIGINAL ADVISORY: Play Framework: http://groups.google.com/group/play-framework/msg/32be1c3b8a221cb7 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 15:46:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 00:46:05 +0200 Subject: [SEC] [SA40908] dbus-glib D-Bus GLib Bindings Property Access Security Bypass Message-ID: <201008112246.o7BMk5pf024519@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: dbus-glib D-Bus GLib Bindings Property Access Security Bypass SECUNIA ADVISORY ID: SA40908 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40908/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40908 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40908/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40908/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40908 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in dbus-glib D-Bus GLib Bindings, which can be exploited by malicious, local users to bypass certain security features. The security issue is caused due to the library not properly honoring property access specifications, which can be exploited to e.g. modify exported properties, although they are intended to be read only. SOLUTION: Fixed in the "rhel5" branch of the GIT repository. Applications using the library may have to be rebuilt using a patched version of the library. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Red Hat ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=585394 http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 16:12:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 01:12:19 +0200 Subject: [SEC] [SA40909] Adobe ColdFusion Directory Traversal Vulnerability Message-ID: <201008112312.o7BNCJkT013170@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Adobe ColdFusion Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40909 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40909/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40909 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40909/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40909/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40909 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Richard Brain has reported a vulnerability in Adobe ColdFusion, which can be exploited by malicious people to disclose sensitive information. Certain unspecified input passed to the ColdFusion Administrator page is not properly sanitised before being used. This can be exploited to disclose certain data via directory traversal attacks. The vulnerability is reported in versions 8.0, 8.0.1, 9.0, 9.0.1, and prior. SOLUTION: Apply the HotFix. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Richard Brain, ProCheckUp Ltd. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-18.html ProCheckUp: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0128.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 16:44:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 01:44:03 +0200 Subject: [SEC] [SA40938] Red Hat update for kernel Message-ID: <201008112344.o7BNi38J002010@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA40938 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40938/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40938 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40938/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40938/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40938 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, and conduct DNS cache poisoning attacks, by malicious users in a Xen guest virtual machine to cause a DoS, and by malicious people to cause a DoS. For more information: SA38499 SA39982 SA40205 SA40691 1) Errors within the implementation of the External Data Representation (XDR) for NFSv4 can be exploited to cause a kernel panic and potentially execute arbitrary code by sending specially crafted compound requests to the NFSv4 server. 2) An error within the Xen hypervisor can be exploited to crash the guest by setting the BE (Big Endian) flag of the PSR (Processor Status Register). Note: This only affects Intel Itanium systems. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0610.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 17:11:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 02:11:39 +0200 Subject: [SEC] [SA40944] Fedora update for iputils Message-ID: <201008120011.o7C0BdQr023186@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Fedora update for iputils SECUNIA ADVISORY ID: SA40944 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40944/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40944 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40944/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40944/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40944 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for iputils. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to an error within the "ping" utility when processing certain echo reply packets. This can be exploited to e.g. cause a high CPU usage by tricking a user into pinging a malicious server. SOLUTION: Apply updated packages using the yum utility ("yum update iputils"). ORIGINAL ADVISORY: FEDORA-2010-12273: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045280.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 17:44:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 02:44:21 +0200 Subject: [SEC] [SA40925] Red Hat update for dbus-glib Message-ID: <201008120044.o7C0iLjp012126@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Red Hat update for dbus-glib SECUNIA ADVISORY ID: SA40925 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40925/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40925 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40925/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40925/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40925 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for dbus-glib. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security features. For more information: SA40908 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010-0616: https://rhn.redhat.com/errata/RHSA-2010-0616.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 18:10:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 03:10:03 +0200 Subject: [SEC] [SA40907] Adobe Flash Player Multiple Vulnerabilities Message-ID: <201008120110.o7C1A3U4000708@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40907 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct click-jacking attacks or compromise a user's system. 1) An error in the ActionScript Virtual Machine 1 (AVM1) when handling the "ActionPush" command can be exploited to corrupt memory. 2) Unspecified errors can be exploited to corrupt memory. No more information is currently available. 3) An unspecified error can be exploited to corrupt memory. No more information is currently available. 4) An error in the "connect" method exposed via ActionScript native object number 2200 can be exploited to corrupt memory by calling the method several times with differing strings. 5) An unspecified error can be exploited to corrupt memory. No more information is currently available. Successful exploitation of vulnerabilities #1 through #5 may allow execution of arbitrary code. 6) A click-jacking error can be exploited to trick a user into performing unintended actions. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Will Dormann, CERT/CC. 2,3) The vendor credits Will Dormann, CERT/CC. 4) Damian Put, reported via ZDI. 5) The vendor credits Lenovo Security Technologies (Beijing). 6) The vendor credits J?ran Benker. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-16.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-149 US-CERT VU#660993: http://www.kb.cert.org/vuls/id/660993 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 11 18:23:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 03:23:08 +0200 Subject: [SEC] [SA40943] Fedora update for openconnect Message-ID: <201008120123.o7C1N8sq021226@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Fedora update for openconnect SECUNIA ADVISORY ID: SA40943 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40943/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40943 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40943/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40943/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40943 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openconnect. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA40787 SOLUTION: Apply updated packages using the yum utility ("yum update openconnect"). ORIGINAL ADVISORY: FEDORA-2010-12253: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045278.html FEDORA-2010-12257: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045304.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 10:27:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 19:27:47 +0200 Subject: [SEC] [SA40931] Pligg Multiple SQL Injection Vulnerabilities Message-ID: <201008121727.o7CHRlZB032169@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Pligg Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40931 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Pligg, which can be exploited by malicious users and malicious people to conduct SQL injection attacks. 1) Input passed to the "title" parameter in storyrss.php and story.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the "role" parameter in groupadmin.php (when "id" and "userid" are set is) not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.1.0. Other versions may also be affected. SOLUTION: Update to version 1.1.1. PROVIDED AND/OR DISCOVERED BY: 1) Secunia Research 2) Reported by the vendor ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-111/ Pligg: http://www.pligg.com/blog/991/pligg-cms-1-1-1-release/ http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/groupadmin.php?view=log&pathrev=2143 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 11:27:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 20:27:58 +0200 Subject: [SEC] [SA40930] Drupal Multiple Vulnerabilities Message-ID: <201008121827.o7CIRw7u022356@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40930 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks, and by malicious users and malicious people to bypass certain security restrictions. 1) A vulnerability in the OpenID module is caused due to incorrect protocol implementation. This can be exploited to harvest positive assertions from OpenID providers and e.g. bypass the login mechanism by replaying intercepted assertions. 2) The weakness is caused due to an error in the upload module, which does not properly check uploaded file names for case sensitivity and grants access to the earlier uploaded file. This can be exploited to download otherwise restricted files by uploading similarly named file with different letter casing. 3) An error in the comment module does not properly check for access permissions before republishing previously unpublished comments. Successful exploitation of this vulnerability requires "post comments without approval" permissions. 4) Input passed via descriptions and messages while using the actions feature is not properly sanitised before being displayed to the user via nodes and taxonomy terms. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires "administer actions" permissions. The weakness and the vulnerabilities are reported in versions prior to 6.18 or 6.19 and 5.23. NOTE: Vulnerabilities #1 and #4 only affect version 6.x. SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Johnny Bufu, Christian Schmidt, and Heine Deelstra, Drupal Security Team. 2) The vendor credits Wolfgang Ziegler. 3) The vendor credits Heine Deelstra, Drupal Security Team. 4) The vendor credits Justin Klein Keane and Heine Deelstra, Drupal Security Team. ORIGINAL ADVISORY: SA-CORE-2010-002: http://drupal.org/node/880476 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 12:27:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 21:27:33 +0200 Subject: [SEC] [SA40948] Drupal FileField Sources Module Arbitrary Code Execution Vulnerability Message-ID: <201008121927.o7CJRXL3012519@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal FileField Sources Module Arbitrary Code Execution Vulnerability SECUNIA ADVISORY ID: SA40948 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40948/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40948 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40948/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40948/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40948 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the FileField Sources module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the module not properly sanitising file extensions when transferring files from a remote server. This can be exploited to transfer scripts to the server and potentially execute arbitrary PHP code. Successful exploitation requires create or edit permissions on a node that has a "FileField" with "FileField Sources" configured for it. The vulnerability is reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Apa Sajja. ORIGINAL ADVISORY: SA-CONTRIB-2010-081: http://drupal.org/node/880386 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 13:27:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 22:27:49 +0200 Subject: [SEC] [SA40947] Drupal Ubercart Module Multiple Vulnerabilities Message-ID: <201008122027.o7CKRnWB002689@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal Ubercart Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40947 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40947/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40947 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40947/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40947/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40947 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Ubercart module for Drupal, which can be exploited by malicious people to bypass certain security restrictions and to conduct cross-site request forgery attacks. 1) A vulnerability exists due to the Paypal component not properly verifying payment notification information. This can be exploited to send payment to a different Paypal account via specially crafted HTTP requests. 2) A vulnerability exists due to the 2Checkout component not properly verifying payment notification information. This can be exploited to simulate payment and order completion on arbitrary orders via specially crafted HTTP requests. 3) A vulnerability exists due to an unspecified error while enforcing access control. This can be exploited to bypass certain security restrictions. 4) The Cart Links component allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change the items in a cart, by tricking a logged-in user into visiting a malicious web site. The vulnerabilities are reported in versions prior to 5.x-1.10 and 6.x-2.4. SOLUTION: Update to version 5.x-1.10 or later, or version 6.x-2.4 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Greg Knaddison, Guy Paddock, and Nathan Phillip Brink ORIGINAL ADVISORY: SA-CONTRIB-2010-083: http://drupal.org/node/880396 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 14:21:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 23:21:50 +0200 Subject: [SEC] [SA40922] 2Wire 2700HGV-2 Gateway Insecure Session ID Message-ID: <201008122121.o7CLLogn025019@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: 2Wire 2700HGV-2 Gateway Insecure Session ID SECUNIA ADVISORY ID: SA40922 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40922/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40922 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40922/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40922/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40922 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in 2Wire 2700HGV-2 Gateway, which can be exploited by malicious people to conduct brute force attacks. The security issue is caused due to session IDs being generated insecurely, which can be exploited to brute force valid session IDs and potentially gain access to the web-based management interface. The security issue is reported in 2700HGV-2 Gateway version 5.29.117.3. Other versions may also be affected. SOLUTION: Restrict network access to the web-based management interface. PROVIDED AND/OR DISCOVERED BY: Aung Khant ORIGINAL ADVISORY: http://yehg.net/lab/pr0js/advisories/2wire/%5B2wire%5D_session_hijacking_vulnerability OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 14:42:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 12 Aug 2010 23:42:41 +0200 Subject: [SEC] [SA40120] Opera Multiple Vulnerabilities Message-ID: <201008122142.o7CLgfsx013426@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Opera Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40120 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40120/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40120 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40120/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40120/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40120 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability and some security issues have been reported in Opera, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system. 1) The problem is that the "Download" dialog provides the option to run a downloadable executable at a predictable location in the browser window. This can be exploited to trick a user into clicking on the "Run" button by positioning a new window on top of the "Download" dialog that is closed e.g. via a timeout shortly before the user clicks on a link within this window. This security issue is confirmed in version 10.53, 10.54, and 10.60 on Windows XP. Other versions may also be affected. NOTE: This is related to SA15781. 2) An error exists in the processing of painting operations on a canvas while certain transformations are being applied, which can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code. 3) An input sanitisation error in the handling of news feed previews can be exploited to execute script code and automatically subscribe the user to the feed. SOLUTION: Update to version 10.61. PROVIDED AND/OR DISCOVERED BY: 1) Jakob Balle and Sven Krewitt, Secunia Research 2) The vendor credits Kuzzcc 3) The vendor credits Alexios Fakos ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-110/ Opera: http://www.opera.com/docs/changelogs/windows/1061/ http://www.opera.com/support/kb/view/966/ http://www.opera.com/support/kb/view/967/ http://www.opera.com/support/kb/view/968/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 15:00:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 00:00:27 +0200 Subject: [SEC] [SA40918] Nagios XI Cross-Site Scripting and Cross-Site Request Forgery Message-ID: <201008122200.o7CM0RN4001751@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Nagios XI Cross-Site Scripting and Cross-Site Request Forgery SECUNIA ADVISORY ID: SA40918 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40918/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40918 RELEASE DATE: 2010-08-12 DISCUSS ADVISORY: http://secunia.com/advisories/40918/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40918/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40918 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Nagios XI, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks. 1) The application allows users to perform certain actions via HTTP requests without properly verifying the requests. This can be exploited to e.g. change the administrator's password by tricking a logged-in administrator into visiting a malicious website. This vulnerability is reported in version 2009R1.2B. Other versions may also be affected. 2) Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in versions prior to 2009R2.1C. SOLUTION: Update to version 2009R2.1C. PROVIDED AND/OR DISCOVERED BY: 1) Adam Baldwin via ngenuity 2) Reported by the vendor. ORIGINAL ADVISORY: NGENUITY-2010-006: http://ngenuity-is.com/advisories/2010/aug/7/nagios-xi-multiple-csrf/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 15:25:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 00:25:30 +0200 Subject: [SEC] [SA40915] EJBCA Admin Interface Cross-Site Scripting Vulnerabilities Message-ID: <201008122225.o7CMPUoK022810@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: EJBCA Admin Interface Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40915 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40915/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40915 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40915/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40915/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40915 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in EJBCA, which potentially can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the administrative interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This may be related to: SA40357 SOLUTION: Update to version 3.10.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://jira.primekey.se/secure/ReleaseNote.jspa?projectId=10000&styleName=Html&version=10380 https://jira.primekey.se/browse/ECA-1724 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 15:45:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 00:45:46 +0200 Subject: [SEC] [SA40946] Drupal Privatemsg Module Cross-Site Scripting Vulnerability Message-ID: <201008122245.o7CMjk4K011192@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal Privatemsg Module Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40946 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40946/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40946 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40946/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40946/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40946 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Privatemsg module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.x-1.3. SOLUTION: Update to version 6.x-1.3 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Durbin ORIGINAL ADVISORY: SA-CONTRIB-2010-080: http://drupal.org/node/880008 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 16:11:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 01:11:54 +0200 Subject: [SEC] [SA40979] ServletExec Information Disclosure and Security Bypass Vulnerabilities Message-ID: <201008122311.o7CNBsrV032254@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: ServletExec Information Disclosure and Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA40979 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40979/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40979 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40979/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40979/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40979 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability and a security issue have been reported in ServletExec, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions. 1) Input passed to the "page" parameter in servlet/pagecompile._admin._help._helpContent_xjsp is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. 2) The security issue is caused due to missing authentication to the pre-compiled JSP pages in the administrative interface. This can be exploited to bypass the administrator authentication by directly accessing the pre-compiled pages inside the "Servlet Exec Admin" package (e.g. servlet/pagecompile._admin._userMgt_xjsp). The vulnerabilities are reported in versions prior to 6.0.0.2_39. SOLUTION: Update to version 6.0.0.2_39. PROVIDED AND/OR DISCOVERED BY: 1) Stefano Di Paola, Minded Security. 2) Giorgio Fedon, Minded Security. ORIGINAL ADVISORY: Minded Security: http://www.mindedsecurity.com/MSA260209.html New Atlanta: http://www.newatlanta.com/c/products/servletexec/download/hotfix/showHotfixDetail?hotfixid=161 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 16:44:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 01:44:12 +0200 Subject: [SEC] [SA40942] Drupal OpenID Module Security Bypass Vulnerability Message-ID: <201008122344.o7CNiClL021173@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal OpenID Module Security Bypass Vulnerability SECUNIA ADVISORY ID: SA40942 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40942/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40942 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40942/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40942/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40942 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the OpenID module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. For more information see vulnerability #1 in: SA40930 The vulnerability is reported in versions prior to 5.x-1.4. SOLUTION: Update to version 5.x-1.4 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Johnny Bufu, Christian Schmidt, and Heine Deelstra, Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2010-084: http://drupal.org/node/880480 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 17:11:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 02:11:51 +0200 Subject: [SEC] [SA40929] Drupal Prepopulate Module Security Bypass Message-ID: <201008130011.o7D0BpKA009898@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal Prepopulate Module Security Bypass SECUNIA ADVISORY ID: SA40929 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40929/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40929 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40929/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40929/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40929 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Prepopulate module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. An error in the handling of access permissions can be exploited to change values of otherwise restricted fields. The vulnerability is reported in versions prior to 6.x-2.0 and 5.x-1.5. SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Aren Cambre. ORIGINAL ADVISORY: SA-CONTRIB-2010-086: http://drupal.org/node/880696 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 17:44:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 02:44:35 +0200 Subject: [SEC] [SA40941] Drupal Pathauto Module Script Insertion Vulnerabilities Message-ID: <201008130044.o7D0iZcc031260@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal Pathauto Module Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA40941 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40941/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40941 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40941/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40941/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40941 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Pathauto module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "[bookpathalias]", "[catalias]", and "[termalias]" tokens is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "create url aliases" permissions and that the tokens are used in an HTML page e.g. when displaying a message using an action from the token_actions.module. The vulnerabilities are reported in versions prior to 6.x-1.4 and 5.x-2.4. SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SA-CONTRIB-2010-085: http://drupal.org/node/880522 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 18:09:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 03:09:16 +0200 Subject: [SEC] [SA40916] Drupal Content Construction Kit Information Disclosure Vulnerability Message-ID: <201008130109.o7D19GDK019838@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal Content Construction Kit Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA40916 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40916/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40916 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40916/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40916/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40916 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to the CCK "Node Reference" not properly validating field access levels on the source field of the backend URL, which can be exploited to view node titles and IDs of otherwise restricted nodes. The vulnerability is reported in versions prior to 6.x-2.8. SOLUTION: Update to version 6.x-2.8. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Alexis Wilke. ORIGINAL ADVISORY: SA-CONTRIB-2010-088: http://drupal.org/node/880736 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 18:23:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 03:23:33 +0200 Subject: [SEC] [SA40921] Drupal GovDelivery Module Script Insertion Vulnerability Message-ID: <201008130123.o7D1NXPE007956@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal GovDelivery Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40921 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40921/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40921 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40921/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40921/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40921 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the GovDelivery module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in version Drupal 6.x-1.0. SOLUTION: Update to version 6.x-1.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SA-CONTRIB-2010-087: http://drupal.org/node/880698 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 18:44:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 03:44:08 +0200 Subject: [SEC] [SA40912] Ubuntu update for gnupg2 Message-ID: <201008130144.o7D1i8ou028751@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Ubuntu update for gnupg2 SECUNIA ADVISORY ID: SA40912 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40912/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40912 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40912/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40912/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40912 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for gnupg2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA38877 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-970-1: http://www.ubuntu.com/usn/usn-970-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 19:14:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 04:14:06 +0200 Subject: [SEC] [SA40945] Drupal Print Module Local File Disclosure Vulnerability Message-ID: <201008130214.o7D2E6w7018070@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Drupal Print Module Local File Disclosure Vulnerability SECUNIA ADVISORY ID: SA40945 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40945/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40945 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40945/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40945/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40945 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Print module for Drupal, which can be exploited by malicious users to disclose sensitive information. Input passed to the PDF generation tool is not properly verified before being used to generate PDF files. This can be exploited to read arbitrary files from local resources. The vulnerability is reported in versions prior to 5.x-4.10 and 6.x-1.11. SOLUTION: Update to version 5.x-4.10 or later, or 6.x-1.11 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Douglas Bagnall ORIGINAL ADVISORY: SA-CONTRIB-2010-082: http://drupal.org/node/880392 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 19:44:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 04:44:03 +0200 Subject: [SEC] [SA40963] Cisco ACE Products Multiple Denial of Service Vulnerabilities Message-ID: <201008130244.o7D2i32L006881@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Cisco ACE Products Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40963 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40963/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40963 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40963/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40963/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40963 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco Application Control Engine products, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An unspecified error within the RTSP inspection can be exploited to cause a reload of an affected device by sending specially crafted RTSP packets. Successful exploitation of this vulnerability requires that RTSP inspection is enabled (disabled by default). 2) An unspecified error within the HTTP, RTSP, and SIP inspection can be exploited to cause a reload of an affected device by sending a specially crafted HTTP packet. Successful exploitation of this vulnerability requires that HTTP, RTSP, or SIP inspection is enabled (disabled by default). This vulnerability does not affect Cisco ACE Application Control Engine Module. 3) An unspecified error in the processing SSL packets can be exploited to cause a reload of an affected device by sending a specially crafted series of SSL packets. This vulnerability does not affect Cisco ACE 4710 Application Control Engine appliance. 4) An unspecified error in the SIP inspection can be exploited to cause a reload of an affected device by sending specially crafted SIP packets. Successful exploitation requires that SIP inspection is enabled (disabled by default). SOLUTION: Update to the latest versions. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: cisco-sa-20100811-ace: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b4091d.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 20:07:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 05:07:46 +0200 Subject: [SEC] [SA40960] SAP Crystal Reports GIOP Message Size Integer Overflow Vulnerability Message-ID: <201008130307.o7D37kHU027832@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: SAP Crystal Reports GIOP Message Size Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA40960 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40960/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40960 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40960/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40960/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40960 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SAP Crystal Reports, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow within the ebus-3-3-2-6.dll module when processing the packet sizes of GIOP requests. This can be exploited to cause a heap-based buffer overflow by sending specially crafted GIOP requests. Successful exploitation may allow the execution of arbitrary code with SYSTEM privileges. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Aaron Portnoy, TippingPoint DVLabs ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1473327 TippingPoint DVLabs: http://dvlabs.tippingpoint.com/advisory/TPTI-10-07 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 20:21:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 05:21:47 +0200 Subject: [SEC] [SA40970] Fedora update for znc Message-ID: <201008130321.o7D3LlOn015927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Fedora update for znc SECUNIA ADVISORY ID: SA40970 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40970/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40970 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40970/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40970/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40970 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for znc. This fixes multiple vulnerabilities, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA40919 SOLUTION: Apply updated packages using the yum utility ("yum update znc"). ORIGINAL ADVISORY: FEDORA-2010-12468: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045386.html FEDORA-2010-12481: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045385.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 20:42:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 05:42:50 +0200 Subject: [SEC] [SA40971] Fedora update for squirrelmail Message-ID: <201008130342.o7D3go4p004349@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Fedora update for squirrelmail SECUNIA ADVISORY ID: SA40971 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40971/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40971 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40971/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40971/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40971 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for squirrelmail. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40307 SOLUTION: Apply updated packages via the yum utility ("yum update squirrelmail"). ORIGINAL ADVISORY: FEDORA-2010-11410: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html FEDORA-2010-11422: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 20:54:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 05:54:44 +0200 Subject: [SEC] [SA40961] Red Hat update for wireshark Message-ID: <201008130354.o7D3sihl024743@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Red Hat update for wireshark SECUNIA ADVISORY ID: SA40961 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40961/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40961 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40961/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40961/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40961 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA39661 SA40112 SA40783 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0625-1: http://rhn.redhat.com/errata/RHSA-2010-0625.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 21:08:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 06:08:03 +0200 Subject: [SEC] [SA40954] Red Hat update for flash-plugin Message-ID: <201008130408.o7D483OC012824@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA40954 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40954/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40954 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40954/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40954/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40954 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct click-jacking attacks or compromise a user's system. For more information: SA40907 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0624-1: https://rhn.redhat.com/errata/RHSA-2010-0624.html RHSA-2010:0623-1: https://rhn.redhat.com/errata/RHSA-2010-0623.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 12 21:21:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 06:21:51 +0200 Subject: [SEC] [SA40959] IBM OS/400 HTTP Server Denial of Service Message-ID: <201008130421.o7D4Lpae000842@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: IBM OS/400 HTTP Server Denial of Service SECUNIA ADVISORY ID: SA40959 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40959/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40959 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40959/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40959/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40959 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40206 The vulnerability is reported in version V5R4M0 and V5R5M0. SOLUTION: Apply APAR SE44563. ORIGINAL ADVISORY: IBM (SE44563): http://www-01.ibm.com/support/docview.wss?uid=nas2feddcd102b5b31588625777c003c72fa OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 10:28:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 19:28:28 +0200 Subject: [SEC] [SA40863] Novell iPrint Server Buffer Overflow Vulnerability Message-ID: <201008131728.o7DHSSuE025103@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Novell iPrint Server Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40863 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40863/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40863 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40863/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40863/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40863 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell Open Enterprise Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "/opt/novell/iprint/bin/ipsmd" component in the processing of LPR opcode 0x01 packet types. This can be exploited to cause a stack-based buffer overflow by sending specially crafted packets to an affected system. Successful exploitation allows execution of arbitrary code. SOLUTION: Restrict access to the affected service. PROVIDED AND/OR DISCOVERED BY: Francis Provencher, reported via ZDI ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-10-138/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 11:27:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 20:27:51 +0200 Subject: [SEC] [SA40962] KnowledgeTree Cross-Site Request Forgery Vulnerability Message-ID: <201008131827.o7DIRpH4015242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: KnowledgeTree Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40962 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40962 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40962/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40962/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40962 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in KnowledgeTree, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's password or assign a user administrative privileges by tricking an administrative user into visiting a malicious web site. The vulnerability is confirmed in version 3.7.0.2. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.knowledgetree.org/Known_Issues_and_Workarounds OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 12:27:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 21:27:46 +0200 Subject: [SEC] [SA40980] Onyx Cross-Site Request Forgery and Script Insertion Vulnerabilities Message-ID: <201008131927.o7DJRkMm005402@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Onyx Cross-Site Request Forgery and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA40980 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40980/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40980 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40980/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40980/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40980 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Onyx, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests, without properly verifying the validity of the requests. This can be exploited to e.g. add a new user to the application by tricking a logged in administrator into visiting a malicious website. NOTE: This can further be exploited to conduct script insertion attacks. The vulnerability is reported in version 0.3.2. Other versions may also be affected SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: HTBridge ORIGINAL ADVISORY: HTB22536: http://www.htbridge.ch/advisory/xss_vulnerability_in_onyx.html HTB22537: http://www.htbridge.ch/advisory/xss_vulnerability_in_onyx_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 13:27:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 22:27:54 +0200 Subject: [SEC] [SA40955] KnowledgeTree "metadata.php" Security Bypass Vulnerability Message-ID: <201008132027.o7DKRsj8027994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: KnowledgeTree "metadata.php" Security Bypass Vulnerability SECUNIA ADVISORY ID: SA40955 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40955 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40955/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40955/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40955 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in KnowledgeTree, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the search2/ajax/metadata.php script, which does not properly checking for authentication before querying the database. This can be exploited to access otherwise restricted information about document types, fieldsets, and fields. The vulnerability is reported in versions prior to 3.6.1. Other versions may also be affected. SOLUTION: Update to version 3.6.1 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wiki.knowledgetree.org/Security_advisory:_Unauthenticated_access_to_Search_AJAX_calls OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 14:21:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 23:21:39 +0200 Subject: [SEC] [SA40981] Hulihan Mystic Cross-Site Request Forgery Vulnerability Message-ID: <201008132121.o7DLLdFb017876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Hulihan Mystic Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40981 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40981/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40981 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40981/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40981/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40981 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in Hulihan Mystic, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. The vulnerability is reported in version 0.1.4. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22533: http://www.htbridge.ch/advisory/xsrf_csrf_in_mystic.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 14:42:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 23:42:44 +0200 Subject: [SEC] [SA40973] SoftX FTP Client Directory Download Directory Traversal Vulnerability Message-ID: <201008132142.o7DLgiaq006296@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: SoftX FTP Client Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40973 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40973/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40973 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40973/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40973/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40973 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SoftX FTP Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 3.3 on a Windows XP system. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_in_softx_ftp_client.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 14:59:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 13 Aug 2010 23:59:46 +0200 Subject: [SEC] [SA40985] Porta+ FTP Client Directory Download Directory Traversal Vulnerability Message-ID: <201008132159.o7DLxkvS027027@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Porta+ FTP Client Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40985 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40985/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40985 RELEASE DATE: 2010-08-13 DISCUSS ADVISORY: http://secunia.com/advisories/40985/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40985/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40985 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Porta+ FTP Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. For more information: SA40973 The vulnerability is confirmed in version 4.1 on a Windows XP system. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: Originally discovered in SoftX FTP Client by High-Tech Bridge SA. Discovered in Porta+ FTP Client by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 15:26:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 14 Aug 2010 00:26:11 +0200 Subject: [SEC] [SA40967] CMS Source Multiple Vulnerabilities Message-ID: <201008132226.o7DMQB3A015679@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: CMS Source Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40967 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40967/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40967 RELEASE DATE: 2010-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/40967/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40967/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40967 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported some vulnerabilities in CMS Source, which can be exploited by malicious users and malicious people to disclose sensitive information and by malicious people to to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "searchstring" parameter to index.php (when "target" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "subtarget" parameter to index.php (when "target" is set) and manage.php (when "target" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "mytitle" parameter to index.php (when "target" is set to "action") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 4) Input passed via the "selected" parameter to index.php (when "target" is set to "articles" and "subtarget" is set to "Article_Detail") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 5) Input passed via the "searchstring" parameter to index.php (when "target" is set to "search") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 6) Input passed via the "target" parameter to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. 7) Input passed via the "target" parameter to manage.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires access to the administrative section. The vulnerabilities are reported in version 3.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA: http://www.htbridge.ch/advisory/xss_vulnerability_in_cms_source.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cms_source_1.html http://www.htbridge.ch/advisory/xss_vulnerability_in_cms_source_2.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cms_source.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cms_source_1.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_cms_source_2.html http://www.htbridge.ch/advisory/local_file_inclusion_in_cms_source.html http://www.htbridge.ch/advisory/local_file_inclusion_in_cms_source_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 15:46:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 14 Aug 2010 00:46:17 +0200 Subject: [SEC] [SA40956] strongSwan Certificate / Identification Payload Parsing Vulnerabilities Message-ID: <201008132246.o7DMkHM7004036@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: strongSwan Certificate / Identification Payload Parsing Vulnerabilities SECUNIA ADVISORY ID: SA40956 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40956/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40956 RELEASE DATE: 2010-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/40956/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40956/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40956 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in strongSwan, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerabilities are caused due to insecure usage of the "snprintf()" function when parsing certificates or identification payload. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in version 4.3.3 and later prior to 4.3.7 and 4.4.1. SOLUTION: Apply patches or update to version 4.3.7 or 4.4.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://lists.strongswan.org/pipermail/users/2010-August/005167.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 16:12:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 14 Aug 2010 01:12:23 +0200 Subject: [SEC] [SA40949] Kleeja Cross-Site Request Forgery Vulnerability Message-ID: <201008132312.o7DNCNsb025098@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Kleeja Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40949 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40949/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40949 RELEASE DATE: 2010-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/40949/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40949/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40949 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Kleeja, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrative password or assign a user administrative privileges by tricking an administrative user into visiting a malicious web site. The vulnerability is reported in version 1RC6. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: KOLTN S ORIGINAL ADVISORY: Kleeja: http://www.kleeja.com/bugs/index.php?go=view&id=660 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 16:46:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 14 Aug 2010 01:46:18 +0200 Subject: [SEC] [SA40964] Debian update for squirrelmail Message-ID: <201008132346.o7DNkIj3014102@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Debian update for squirrelmail SECUNIA ADVISORY ID: SA40964 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40964/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40964 RELEASE DATE: 2010-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/40964/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40964/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40964 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for squirrelmail. This fixes a vulnerability and a weakness, which can be exploited by malicious people to conduct cross-site request forgery attacks and cause a DoS (Denial of Service). For more information: SA34627 SA40307 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2091-1: http://lists.debian.org/debian-security-announce/2010/msg00136.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 17:11:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 14 Aug 2010 02:11:27 +0200 Subject: [SEC] [SA39970] SWFTools Two Integer Overflow Vulnerabilities Message-ID: <201008140011.o7E0BRp3002676@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: SWFTools Two Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA39970 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39970/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39970 RELEASE DATE: 2010-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/39970/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39970/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39970 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in SWFTools, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error within the "getPNG()" function in lib/png.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. 2) An integer overflow error within the "jpeg_load()" function in lib/jpeg.c can be exploited to cause a heap-based buffer overflow via specially crafted JPEG images. The vulnerabilities are confirmed in version 0.9.1. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-80/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 17:44:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 14 Aug 2010 02:44:17 +0200 Subject: [SEC] [SA40958] Cisco IOS TCP Connection Handling Denial of Service Message-ID: <201008140044.o7E0iHM1024047@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Cisco IOS TCP Connection Handling Denial of Service SECUNIA ADVISORY ID: SA40958 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40958/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40958 RELEASE DATE: 2010-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/40958/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40958/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40958 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability exists due to an error in the handling of TCP packets during the establishment phase. This can be exploited to cause TCP connections to remain in a half-open state and consume system resources. Successful exploitation does not require a full TCP three-way handshake and is possible e.g. via spoofed TCP packets. The vulnerability is reported in Cisco IOS Software Release 15.1T. SOLUTION: Update to Cisco IOS Software Release 15.1(2)T0a or 15.1(2)T1 when it becomes available on 20-AUG-2010. PROVIDED AND/OR DISCOVERED BY: Reported to the vendor by a customer. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100812-tcp.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 13 18:09:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 14 Aug 2010 03:09:03 +0200 Subject: [SEC] [SA40953] BarnOwl Incorrect Verification of libzephyr Return Values Vulnerability Message-ID: <201008140109.o7E193Er012639@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: BarnOwl Incorrect Verification of libzephyr Return Values Vulnerability SECUNIA ADVISORY ID: SA40953 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40953/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40953 RELEASE DATE: 2010-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/40953/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40953/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40953 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BarnOwl, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. The vulnerability is caused due to BarnOwl not properly verifying the return values of certain libzephyr functions, which can be exploited to cause a crash or potentially execute arbitrary code. The vulnerability is reported in versions prior to 1.6.2. SOLUTION: Update to version 1.6.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://barnowl.mit.edu/wiki/release-notes/1.6.2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 10:27:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 16 Aug 2010 19:27:56 +0200 Subject: [SEC] [SA40975] Palm Pre WebOS Multiple Vulnerabilities Message-ID: <201008161727.o7GHRurw019695@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Palm Pre WebOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40975 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40975/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40975 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/40975/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40975/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40975 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Several vulnerabilities have been reported in Palm Pre WebOS, where some have an unknown impact and others can be exploited to compromise a vulnerable device. 1) An error in the parsing of vCards may allow execution of arbitrary code when a vCard e.g. delivered via a text message is viewed. 2) Several unspecified errors exist. No more information is currently available. SOLUTION: Update to version 1.4.5. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Nils, MWR InfoSecurity. 2) The vendor credits Chris Clark. ORIGINAL ADVISORY: Palm: http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#145 PC Pro: http://www.pcpro.co.uk/news/interviews/360256/q-a-how-we-sliced-open-palm-and-android-security OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 11:27:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 16 Aug 2010 20:27:53 +0200 Subject: [SEC] [SA40986] KnowledgeTree Web Service Document Upload Manager Vulnerability Message-ID: <201008161827.o7GIRrSI009877@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: KnowledgeTree Web Service Document Upload Manager Vulnerability SECUNIA ADVISORY ID: SA40986 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40986/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40986 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/40986/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40986/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40986 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in KnowledgeTree, which can be exploited by malicious users to bypass certain security restrictions. When uploading documents using the Web Service Document Upload Manager the "ktwebservice/KTUploadManager.inc.php" script does not properly verify the temporary file name of an uploaded file before saving it. This can be exploited to save the uploaded file to a folder outside the "var/uploads" directory. Successful exploitation requires authentication using SOAP or REST Web Services APIs. The security issue is reported in versions 3.7.0.2, 3.6.x, and 3.5.x. SOLUTION: Apply vendor patch. Please see the vendors advisory for more details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.knowledgetree.org/Security_advisory:_Web_Service_Document_Upload_Manager OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 12:27:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 16 Aug 2010 21:27:39 +0200 Subject: [SEC] [SA41003] Ruby WEBrick UTF-7 Error Message Cross-Site Scripting Vulnerability Message-ID: <201008161927.o7GJRduA032436@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Ruby WEBrick UTF-7 Error Message Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41003 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41003/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41003 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/41003/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41003/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41003 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ruby WEBrick, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to an error in the Ruby WEBrick HTTP server, which can be leveraged to generate error pages interpreted as having an UTF-7 character set. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This is related to vulnerability #20 in: SA40220 The vulnerability is reported in Ruby version 1.8.6-p399 and prior, Ruby 1.8.7-p299 and prior, and Ruby 1.9.1-p429 and prior. SOLUTION: Update or upgrade to a fixed version or apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Apple. ORIGINAL ADVISORY: http://www.ruby-lang.org/en/news/2010/08/16/xss-in-webrick-cve-2010-0541/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 13:27:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 16 Aug 2010 22:27:51 +0200 Subject: [SEC] [SA40988] Zomplog Cross-Site Scripting and Request Forgery Vulnerabilities Message-ID: <201008162027.o7GKRp1R022617@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Zomplog Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA40988 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40988/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40988 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/40988/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40988/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40988 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Zomplog, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Input passed via the "message" parameter to various scripts is not properly sanitised before being returned to the user in admin/functions.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Examples: http://[host]/admin/users.php?message=[code] http://[host]/admin/category.php?message=[code] http://[host]/admin/entry.php?message=[code] http://[host]/admin/newentry.php?message=[code] http://[host]/admin/comments.php?message=[code] http://[host]/admin/newpage.php?message=[code] http://[host]/admin/page.php?message=[code] http://[host]/admin/settings.php?message=[code] http://[host]/admin/changeclothes.php?message=[code] http://[host]/admin/settings_theme.php?message=[code] http://[host]/admin/themes.php?message=[code] http://[host]/admin/plugins.php?message=[code] 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrative user or change an administrator's password by tricking an administrative user into visiting a malicious web site. The vulnerabilities are confirmed in version 3.9. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: 10n1z3d OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 14:22:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 16 Aug 2010 23:22:06 +0200 Subject: [SEC] [SA41007] Fedora update for drupal Message-ID: <201008162122.o7GLM6ZU012531@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Fedora update for drupal SECUNIA ADVISORY ID: SA41007 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41007/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41007 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/41007/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41007/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41007 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for drupal. This fixes a weakness and some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, and by malicious users and malicious people to bypass certain security restrictions. For more information: SA40930 SOLUTION: Apply updated packages via the yum utility ("yum update drupal"). ORIGINAL ADVISORY: FEDORA-2010-12742: https://admin.fedoraproject.org/updates/drupal-6.19-1.fc12 FEDORA-2010-12753: https://admin.fedoraproject.org/updates/drupal-6.19-1.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 14:42:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 16 Aug 2010 23:42:47 +0200 Subject: [SEC] [SA41009] Fedora update for ssmtp Message-ID: <201008162142.o7GLglC7000856@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Fedora update for ssmtp SECUNIA ADVISORY ID: SA41009 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41009/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41009 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/41009/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41009/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41009 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ssmtp. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The weakness is caused due to an error when removing trailing newline characters while processing lines starting with a dot. This can be exploited to cause ssmtp to terminate by sending specially crafted email messages. SOLUTION: Apply updated packages using the yum utility ("yum update ssmtp"). PROVIDED AND/OR DISCOVERED BY: Brendan Boerner ORIGINAL ADVISORY: FEDORA-2010-11811: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045422.html FEDORA-2010-11836: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045407.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 14:55:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 16 Aug 2010 23:55:14 +0200 Subject: [SEC] [SA41008] Fedora update for httpd Message-ID: <201008162155.o7GLtEMv021355@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: Fedora update for httpd SECUNIA ADVISORY ID: SA41008 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41008/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41008 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/41008/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41008/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41008 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for httpd. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40206 SOLUTION: Apply updated packages via the yum utility ("yum update httpd"). ORIGINAL ADVISORY: FEDORA-2010-12478: https://admin.fedoraproject.org/updates/httpd-2.2.16-1.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 16 15:08:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 17 Aug 2010 00:08:13 +0200 Subject: [SEC] [SA40913] SUSE update for flash-player Message-ID: <201008162208.o7GM8Dw6009413@CRON-IX-2.intnet> ---------------------------------------------------------------------- Get tweets from Secunia http://twitter.com/secunia ---------------------------------------------------------------------- TITLE: SUSE update for flash-player SECUNIA ADVISORY ID: SA40913 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40913/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40913 RELEASE DATE: 2010-08-16 DISCUSS ADVISORY: http://secunia.com/advisories/40913/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40913/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40913 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct click-jacking attacks and compromise a vulnerable system. For more information: SA40907 SOLUTION: Apply updated packages via YaST Online Update or SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:034: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 10:29:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 17 Aug 2010 19:29:41 +0200 Subject: [SEC] [SA41006] Fedora update for java-1.6.0-openjdk Message-ID: <201008171729.o7HHTfL0017524@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA41006 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41006/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41006 RELEASE DATE: 2010-08-17 DISCUSS ADVISORY: http://secunia.com/advisories/41006/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41006/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41006 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for java-1.6.0-openjdk. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and manipulate certain data or disclose potentially sensitive information. For more information: SA40991 SOLUTION: Apply updated packages using the yum utility ("yum update java-1.6.0-openjdk"). ORIGINAL ADVISORY: FEDORA-2010-12758: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045468.html FEDORA-2010-12759: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045471.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 11:29:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 17 Aug 2010 20:29:46 +0200 Subject: [SEC] [SA40991] Ubuntu update for openjdk-6 Message-ID: <201008171829.o7HITk4g007694@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openjdk-6 SECUNIA ADVISORY ID: SA40991 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40991/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40991 RELEASE DATE: 2010-08-17 DISCUSS ADVISORY: http://secunia.com/advisories/40991/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40991/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40991 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openjdk-6. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and manipulate certain data or disclose potentially sensitive information. 1) An error in NetX can be exploited to set an arbitrary Java property via an unsigned applet. 2) Another error in NetX can be exploited to read or write to local files via an unsigned applet. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: USN-971-1: http://www.ubuntu.com/usn/usn-971-1 IcedTea6: http://icedtea.classpath.org/hg/release/icedtea6-1.8/file/1419166fcebf/NEWS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 12:29:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 17 Aug 2010 21:29:40 +0200 Subject: [SEC] [SA40968] i-Web Suite Multiple Vulnerabilities Message-ID: <201008171929.o7HJTepq030271@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: i-Web Suite Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40968 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40968/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40968 RELEASE DATE: 2010-08-17 DISCUSS ADVISORY: http://secunia.com/advisories/40968/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40968/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40968 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in i-Web Suite, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "errmsg" parameter to default.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "mn", "sfield", and "search" parameters to default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters and character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: HTBridge ORIGINAL ADVISORY: HTB22543: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_i_web_suite.html HTB22544: http://www.htbridge.ch/advisory/xss_vulnerability_in_i_web_suite.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 13:29:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 17 Aug 2010 22:29:30 +0200 Subject: [SEC] [SA41028] 123 Flash Chat Information Disclosure Security Issue Message-ID: <201008172029.o7HKTUFx020438@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: 123 Flash Chat Information Disclosure Security Issue SECUNIA ADVISORY ID: SA41028 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41028/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41028 RELEASE DATE: 2010-08-17 DISCUSS ADVISORY: http://secunia.com/advisories/41028/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41028/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41028 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Lincoln has discovered a security issue in 123 Flash Chat, which can be exploited by malicious people to disclose sensitive information. For more information see security issue #3: SA40994 SOLUTION: Use HTTPS on the chat server. PROVIDED AND/OR DISCOVERED BY: Lincoln ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-060-123-flash-chat-ver-7-8/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 14:24:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 17 Aug 2010 23:24:06 +0200 Subject: [SEC] [SA40994] 123 Flash Chat Multiple Vulnerabilities Message-ID: <201008172124.o7HLO6He010374@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: 123 Flash Chat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40994 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40994/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40994 RELEASE DATE: 2010-08-17 DISCUSS ADVISORY: http://secunia.com/advisories/40994/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40994/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40994 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Lincoln has discovered two vulnerabilities and a security issue in 123 Flash Chat, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks. 1) Input passed via the URL is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. 2) Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) A security issue is caused due to the user name and the password being transmitted via a web request in clear text when logging in to the chat server. NOTE: Additionally, a weakness exists due to the Flash cross-domain policy (crossdomain.xml) allowing access from arbitrary domains. The vulnerabilities and the security issue are confirmed in version 7.8. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. Use HTTPS on the chat server. Vulnerabilities #1 and #2 are fixed in version 8.0. PROVIDED AND/OR DISCOVERED BY: Lincoln ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-060-123-flash-chat-ver-7-8/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 14:42:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 17 Aug 2010 23:42:36 +0200 Subject: [SEC] [SA41021] Apache Geronimo Information Disclosure and Denial of Service Message-ID: <201008172142.o7HLgask031078@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Apache Geronimo Information Disclosure and Denial of Service SECUNIA ADVISORY ID: SA41021 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41021/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41021 RELEASE DATE: 2010-08-17 DISCUSS ADVISORY: http://secunia.com/advisories/41021/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41021/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41021 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apache has acknowledged a vulnerability in Apache Geronimo, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service). For more information see vulnerability #2 in: SA39574 The vulnerability is reported in versions 2.1.1 through 2.1.6. SOLUTION: Follow the patch instructions. Please see the vendor's advisory for more details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://geronimo.apache.org/geronimo-21x-and-22x-cve-2010-2227-apache-tomcat-remote-denial-of-service-patch-instructions.html http://geronimo.apache.org/21x-security-report.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 15:00:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 00:00:29 +0200 Subject: [SEC] [SA41025] Apache Geronimo Multiple Vulnerabilities Message-ID: <201008172200.o7HM0TGv019449@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Apache Geronimo Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41025 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41025/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41025 RELEASE DATE: 2010-08-17 DISCUSS ADVISORY: http://secunia.com/advisories/41025/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41025/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41025 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apache has acknowledged some vulnerabilities in Apache Geronimo, which can be exploited by malicious people to disclose system information or potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA39574 SA40252 SA40260 SA40969 The vulnerabilities are reported in version 2.2. SOLUTION: Follow the patch instructions. Please see the vendor's advisory for more details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://geronimo.apache.org/22x-security-report.html http://geronimo.apache.org/geronimo-22x-cve-2010-1632-patch-instructions.html http://geronimo.apache.org/geronimo-21x-and-22x-spring-framework-sec02-patch-instructions.html http://geronimo.apache.org/geronimo-21x-and-22x-cve-2010-2227-apache-tomcat-remote-denial-of-service-patch-instructions.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 15:26:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 00:26:03 +0200 Subject: [SEC] [SA41004] Fedora update for mipv6-daemon Message-ID: <201008172226.o7HMQ3Em008071@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for mipv6-daemon SECUNIA ADVISORY ID: SA41004 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41004/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41004 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41004/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41004/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41004 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mipv6-daemon. This fixes two vulnerabilities, where one has an unknown impact and the other can be exploited by malicious, local users to conduct spoofing attacks. 1) A vulnerability is caused due to mipv6-daemon not properly verifying the credentials of received NETLINK messages and can be exploited by sending unicast NETLINK messages. 2) A boundary error in ha.c can be exploited to corrupt memory via specially crafted ND_OPT_PREFIX_INFORMATION and ND_OPT_HOME_AGENT_INFO packets. SOLUTION: Apply updated packages via the yum utility ("yum update mipv6-daemon"). ORIGINAL ADVISORY: FEDORA-2010-11143: https://admin.fedoraproject.org/updates/mipv6-daemon-0.4-5.fc12 FEDORA-2010-11152: https://admin.fedoraproject.org/updates/mipv6-daemon-0.4-5.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 15:45:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 00:45:33 +0200 Subject: [SEC] [SA41002] Linux Kernel 64bit Maximum Stack Size Denial of Service Vulnerability Message-ID: <201008172245.o7HMjXbF028825@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Linux Kernel 64bit Maximum Stack Size Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41002 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41002/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41002 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41002/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41002/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41002 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Brad Spengler has reported a vulnerability in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to the kernel incorrectly setting the maximum stack size for 32bit applications in a 64bit environment, which can be exploited to e.g. trigger a "BUG()" or cause out-of-memory conditions via specially crafted applications. Successful exploitation requires a 64bit system. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Brad Spengler ORIGINAL ADVISORY: http://grsecurity.net/~spender/64bit_dos.c OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 16:09:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 01:09:59 +0200 Subject: [SEC] [SA40965] Linux Kernel Userspace Stack Growth Vulnerability Message-ID: <201008172309.o7HN9xGB017405@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Linux Kernel Userspace Stack Growth Vulnerability SECUNIA ADVISORY ID: SA40965 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40965/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40965 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40965/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40965/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40965 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerability is caused due to the kernel not properly limiting the growth of the stack in userspace applications, which can be exploited to e.g. overwrite other memory areas and potentially gain escalated privileges. SOLUTION: Update to version 2.6.32.19, 2.6.34.4, or 2.6.35.2. PROVIDED AND/OR DISCOVERED BY: Reportedly discovered by Rafal Wojtczuk. ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=320b2b8de12698082609ebbc1a17165727f4c893 https://bugzilla.redhat.com/show_bug.cgi?id=606611 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 16:24:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 01:24:40 +0200 Subject: [SEC] [SA40957] Ezyweb Multiple Vulnerabilities Message-ID: <201008172324.o7HNOejP005528@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Ezyweb Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40957 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40957/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40957 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40957/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40957/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40957 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Ezyweb CMS, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. 1) Input passed via the "username" and "password" POST parameters to loginvalid.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing the login mechanism. 2) The insert.image.php script allows uploading of PHP files, which are then stored in a folder inside the webroot. This can be exploited to e.g. upload and execute arbitrary PHP code. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to insert.image.php. PROVIDED AND/OR DISCOVERED BY: Li0n-PaL OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 16:46:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 01:46:38 +0200 Subject: [SEC] [SA40990] Pimcore Cross-Site Request Forgery Vulnerability Message-ID: <201008172346.o7HNkcCS026395@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Pimcore Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40990 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40990/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40990 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40990/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40990/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40990 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Pimcore, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. edit page content or assign a user administrative privileges by tricking an administrative user into visiting a malicious web site. NOTE: This can further be exploited to conduct script insertion attacks. The vulnerability is confirmed in version 1.1.1. Other versions may also be affected. SOLUTION: Do not follow untrusted links or visit untrusted web sites while being logged-in to the administrative interface of the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_pimcore.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 17:11:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 02:11:42 +0200 Subject: [SEC] [SA40989] CMSimple Cross-Site Request Forgery Vulnerability Message-ID: <201008180011.o7I0Bg6V014994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: CMSimple Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40989 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40989/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40989 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40989/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40989/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40989 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CMSimple, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change the administrative password or manipulate the application's content by tricking a logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 3.3. Other versions may also be affected. SOLUTION: Do not visit untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: HTBridge ORIGINAL ADVISORY: HTB22561: http://www.htbridge.ch/advisory/xsrf_csrf_in_cmsimple.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 17:44:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 02:44:26 +0200 Subject: [SEC] [SA41011] SUSE Update for Multiple Packages Message-ID: <201008180044.o7I0iQGk003931@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA41011 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41011/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41011 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41011/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41011/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41011 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, disclose sensitive information and compromise a user's system. For more information: SA35500 SA36159 SA36230 SA36425 SA37107 SA37851 SA38877 SA39091 SA39544 SA39651 SA39753 SA39762 SA40105 SA40257 SA40727 SA40956 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:015: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 18:09:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 03:09:18 +0200 Subject: [SEC] [SA40974] Explorer Suite CFF Explorer Name Identifier Buffer Overflow Vulnerability Message-ID: <201008180109.o7I19IP1024924@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Explorer Suite CFF Explorer Name Identifier Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40974 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40974/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40974 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40974/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40974/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40974 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Josh Mitchell has discovered a vulnerability in Explorer Suite CFF Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the name identifier of resources. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into examining a specially crafted PE file with the "Resource Editor" functionality. The vulnerability is confirmed in CFF Explorer VII version 7.8.6.4. Other versions may also be affected. SOLUTION: Update to version 7.9.0.0. PROVIDED AND/OR DISCOVERED BY: Josh Mitchell, reported via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 18:23:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 03:23:26 +0200 Subject: [SEC] [SA40996] Fedora update for ghostscript Message-ID: <201008180123.o7I1NQhK013032@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for ghostscript SECUNIA ADVISORY ID: SA40996 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40996/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40996 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40996/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40996/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40996 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA39753 SOLUTION: Apply updated packages via the yum utility ("yum update ghostscript"). ORIGINAL ADVISORY: FEDORA-2010-11376: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045568.html FEDORA-2010-11325: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045500.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 18:44:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 03:44:37 +0200 Subject: [SEC] [SA40995] GrowSmartBusiness Small Business Success Index Widget Security Issue Message-ID: <201008180144.o7I1ibbW001415@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: GrowSmartBusiness Small Business Success Index Widget Security Issue SECUNIA ADVISORY ID: SA40995 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40995/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40995 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40995/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40995/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40995 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in GrowSmartBusiness Small Business Success Index Widget, which can potentially be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the widget including malicious code, which can potentially be exploited to gain unauthorised access to a web site if the widget has been downloaded and installed. SOLUTION: The vendor recommends to delete the widget and scan affected sites for malware. PROVIDED AND/OR DISCOVERED BY: Armorize ORIGINAL ADVISORY: Network Solutions: http://blog.networksolutions.com/2010/security-alert-malware-found-on-widget/ Armorize: http://blog.armorize.com/2010/08/smci-widget-by-network-solutions-still.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 19:13:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 04:13:29 +0200 Subject: [SEC] [SA40976] Liferay Portal JSON Information Disclosure Security Issue Message-ID: <201008180213.o7I2DTIB023114@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Liferay Portal JSON Information Disclosure Security Issue SECUNIA ADVISORY ID: SA40976 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40976/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40976 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40976/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40976/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40976 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefano Di Paola has reported a security issue in Liferay Portal, which can be exploited by malicious users to disclose sensitive information. The security issue is caused due to the application disclosing certain information via the JSON service. This can be exploited to e.g. disclose administrator's password hash via the "getRoleUsers" method. Successful exploitation requires that the JSON service is enabled (not enabled by default in versions 4.3.2 and above). The security issue is reported in version 4.x and 5.x. Other versions may also be affected. SOLUTION: Restrict access to the JSON service to trusted users only. PROVIDED AND/OR DISCOVERED BY: Stefano Di Paola, Minded Security. ORIGINAL ADVISORY: http://www.mindedsecurity.com/MSA251009.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 19:42:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 04:42:42 +0200 Subject: [SEC] [SA40978] Linux-PAM pam_xauth PAM Module Privilege Escalation Security Issue Message-ID: <201008180242.o7I2gguJ011899@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Linux-PAM pam_xauth PAM Module Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA40978 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40978/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40978 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40978/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40978/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40978 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Linux-PAM, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "pam_xauth" module incorrectly checking the return values of e.g. the "setuid()" and "setgid()" functions when dropping privileges. This can potentially be exploited to perform certain actions with escalated privileges. The security issue is reported in version 1.1.1. Other versions may also be affected. SOLUTION: Fixed in the CVS repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Tim Brown ORIGINAL ADVISORY: http://sourceforge.net/tracker/?func=detail&aid=3028213&group_id=6663&atid=106663 http://www.openwall.com/lists/oss-security/2010/08/16/2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 19:54:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 04:54:52 +0200 Subject: [SEC] [SA40972] CMSQLite Arbitrary File Upload and Security Bypass Vulnerabilities Message-ID: <201008180254.o7I2sq6C032312@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: CMSQLite Arbitrary File Upload and Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA40972 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40972/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40972 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40972/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40972/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40972 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in CMSQlite, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass security restrictions. 1) The admin/mediaAdmin.php script insufficiently verifies the type of uploaded files, which can be exploited to e.g. upload and execute PHP scripts by setting the "Content-Type" header to an accepted type (e.g. "image/jpeg"). 2) The admin/mediaAdmin.php script does not properly terminate execution for unauthenticated sessions, which can be exploited to perform administrative actions via direct HTTP requests without being authenticated. NOTE: Vulnerability #1 and #2 can be used in conjunction. The vulnerabilities are confirmed in version 1.3.1. Other versions may also be affected. SOLUTION: Restrict access to the "admin" directory (e.g. via a ".htaccess" file). PROVIDED AND/OR DISCOVERED BY: BlackHawk OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 20:08:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 05:08:00 +0200 Subject: [SEC] [SA40977] Edit-X CMS "search_text" Cross-Site Scripting Vulnerability Message-ID: <201008180308.o7I380gj020386@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Edit-X CMS "search_text" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40977 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40977/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40977 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40977/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40977/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40977 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in Edit-X CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "search_text" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 2007. Other versions may also be affected. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22542: http://www.htbridge.ch/advisory/xss_vulnerability_in_edit_x_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 20:21:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 05:21:43 +0200 Subject: [SEC] [SA40993] MUSE Playlist Processing Buffer Overflow Vulnerabilities Message-ID: <201008180321.o7I3LhxY008475@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: MUSE Playlist Processing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40993 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40993/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40993 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40993/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40993/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40993 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in MUSE, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors in Muse.exe when parsing file names in playlists. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening e.g. a specially crafted M3U or PLS playlist file. Successful exploitation allows execution of arbitrary code. The vulnerabilities are confirmed in version 4.9.0.006. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Glafkos Charalambous ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14663/ http://www.exploit-db.com/exploits/14664/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 20:42:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 05:42:38 +0200 Subject: [SEC] [SA41016] Apache Geronimo Multiple Vulnerabilities Message-ID: <201008180342.o7I3gcJl029270@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Apache Geronimo Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41016 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apache Geronimo, which can be exploited by malicious people to disclose system information or potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA40252 SA40260 SA40969 The vulnerabilities are reported in versions prior to 2.1.6. SOLUTION: Update to version 2.1.6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://geronimo.apache.org/2010/07/21/apache-geronimo-v216-released.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 20:54:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 05:54:37 +0200 Subject: [SEC] [SA40969] Apache CXF XML Document Type Declaration Processing Vulnerability Message-ID: <201008180354.o7I3sbKu017285@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Apache CXF XML Document Type Declaration Processing Vulnerability SECUNIA ADVISORY ID: SA40969 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40969/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40969 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40969/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40969/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40969 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache CXF, which can be exploited by malicious people to disclose system information or potentially sensitive information and cause a DoS (Denial of Service). The vulnerability is caused due to CXF not properly restricting the processing of XML Document Type Declarations (DTD). This can be exploited to e.g. determine the existence or include contents of local and potentially external files by including them as a DTD reference or cause a DoS due to CPU or memory consumption by providing e.g. a heavily nested DTD. The vulnerability has been reported in versions prior to 2.0.13, 2.1.10, and 2.2.9. SOLUTION: Update to version 2.0.13, 2.1.10, or 2.2.9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.listware.net/201006/cxf-users/60160-important-apache-cxf-security-advisory-cve-2010-2076.html http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 21:08:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 06:08:09 +0200 Subject: [SEC] [SA41017] Joomla onGallery Component "id" SQL Injection Vulnerability Message-ID: <201008180408.o7I489DH005350@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Joomla onGallery Component "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41017 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41017/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41017 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41017/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41017/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41017 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the onGallery component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when "option" is set to "com_ongallery" and "task" is set to "ft") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages. The vulnerability is reported in version 2.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: al bayraqim OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 17 21:21:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 06:21:44 +0200 Subject: [SEC] [SA40992] Blue Coat ProxySG Privilege Enforcement Bypass Vulnerability Message-ID: <201008180421.o7I4LigT025845@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Blue Coat ProxySG Privilege Enforcement Bypass Vulnerability SECUNIA ADVISORY ID: SA40992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40992 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Blue Coat ProxySG, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an error in the privilege enforcement, which allows read-only administrators to bypass it by sending CLI commands via a HTTPS URL to the device. Successful exploitation allows a read-only ProxySG administrator to gain full administrative control. SOLUTION: Update to a fixed version when available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Thierry Zoller. ORIGINAL ADVISORY: Bluecoat: https://kb.bluecoat.com/index?page=content&id=SA45 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 10:30:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 19:30:31 +0200 Subject: [SEC] [SA40471] InterPhoto Gallery Two Vulnerabilities Message-ID: <201008181730.o7IHUV7q016503@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: InterPhoto Gallery Two Vulnerabilities SECUNIA ADVISORY ID: SA40471 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40471/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40471 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40471/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40471/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40471 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in InterPhoto Gallery, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information. 1) Input passed via the "file" parameter to InterPhoto.thumbnail.php is not properly sanitised before being used. This can be exploited to read the content of arbitrary files by passing a specially crafted string, including directory traversal sequences. Successful exploitation of this vulnerability allows disclosing e.g. the "WEBSITE_KEY" in "config/InterPhoto.config.php". 2) The mydesk.upload.php script does not properly validate uploaded files, which can be exploited to upload files with arbitrary extensions. Successful exploitation of this vulnerability allows execution of arbitrary PHP code, but requires knowledge of the generated filename (e.g. via vulnerability #1 or enabled directory listings). This vulnerabilities are confirmed in version 2.4.0 (downloaded 2010-07-12) on the Windows platform. Other versions may also be affected. SOLUTION: Update to an updated version 2.4.0 (2010-07-13), which fixes vulnerability #1, and disable directory listings. PROVIDED AND/OR DISCOVERED BY: 1) Secunia Research 2) Russ McRee ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-94/ Russ McRee: http://holisticinfosec.org/content/view/150/45/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 11:29:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 20:29:17 +0200 Subject: [SEC] [SA41023] Red Hat update for kernel-rt Message-ID: <201008181829.o7IITHPd006627@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel-rt SECUNIA ADVISORY ID: SA41023 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41023/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41023 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41023/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41023/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41023 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel-rt. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA32933 SA38226 SA38594 SA38601 SA39490 SA39697 SA40420 SA40938 SA40965 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0631-1: https://rhn.redhat.com/errata/RHSA-2010-0631.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 12:29:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 21:29:20 +0200 Subject: [SEC] [SA40923] FreeBSD "setusercontext()" Security Bypass Vulnerability Message-ID: <201008181929.o7IJTKOt029190@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: FreeBSD "setusercontext()" Security Bypass Vulnerability SECUNIA ADVISORY ID: SA40923 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40923/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40923 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40923/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40923/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40923 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "setusercontext()" function in lib/libutil/login_class.c applying certain user settings while it's running with the privileges of another user. This can be exploited to e.g. change certain restricted resource limits by creating a specially crafted "~/.login_conf" file and logging in via e.g. OpenSSH. SOLUTION: Fixed in the CVS repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Andrey Zonov ORIGINAL ADVISORY: http://www.freebsd.org/cgi/query-pr.cgi?pr=141840 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 13:29:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 22:29:23 +0200 Subject: [SEC] [SA40984] SUSE update for kernel Message-ID: <201008182029.o7IKTNk5019371@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA40984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40984 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA38594 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:035: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 14:23:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 23:23:16 +0200 Subject: [SEC] [SA41015] Serv-U Security Bypass and Denial of Service Message-ID: <201008182123.o7ILNGWF009265@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Serv-U Security Bypass and Denial of Service SECUNIA ADVISORY ID: SA41015 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41015/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41015 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41015/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41015/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41015 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in Serv-U, which can be exploited by malicious users to bypass certain security restrictions and to cause a DoS (Denial of Service). 1) An error in the handling of virtual paths can be exploited to create directories without having the required permissions. 2) An error in the processing of certain URL parameters can be exploited to cause Serv-U to crash. SOLUTION: Upgrade to version 10.2.0.0 or grant only trusted users access to the application. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 14:44:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 18 Aug 2010 23:44:20 +0200 Subject: [SEC] [SA41018] Serv-U Security Bypass and Denial of Service Message-ID: <201008182144.o7ILiKRg030084@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Serv-U Security Bypass and Denial of Service SECUNIA ADVISORY ID: SA41018 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41018 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/41018/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41018/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41018 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in Serv-U, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA41015 SOLUTION: Update to version 10.2.0.0. ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 15:11:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 00:11:46 +0200 Subject: [SEC] [SA40966] KOffice PDF Import Filter Multiple Vulnerabilities Message-ID: <201008182211.o7IMBk3C018902@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: KOffice PDF Import Filter Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40966 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40966/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40966 RELEASE DATE: 2010-08-18 DISCUSS ADVISORY: http://secunia.com/advisories/40966/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40966/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40966 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in KOffice, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to the PDF import filter using vulnerable Xpdf code. For more information: SA34291 SA37053 SOLUTION: Do not import untrusted PDF files. ORIGINAL ADVISORY: USN-973-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001142.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 15:46:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 00:46:18 +0200 Subject: [SEC] [SA41033] Ubuntu update for koffice Message-ID: <201008182246.o7IMkIKc007925@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Ubuntu update for koffice SECUNIA ADVISORY ID: SA41033 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41033/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41033 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41033/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41033/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41033 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for koffice. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA40966 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-973-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001142.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 16:14:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 01:14:14 +0200 Subject: [SEC] [SA41019] Mollify Information Disclosure Vulnerabilities Message-ID: <201008182314.o7INEEDm029050@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Mollify Information Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA41019 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41019/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41019 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41019/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41019/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41019 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two weaknesses and a vulnerability have been reported in Mollify, which can be exploited by malicious users to disclose system and sensitive information and by malicious people to disclose sensitive information. 1) Certain input passed to backend/r.php is not properly verified before being used to download files. This can be exploited to download arbitrary files from local resources via a Base64 encoded path passed as parameter. 2) A weakness is caused due to the application displaying the absolute path of certain scripts via the administration section. 3) Another weakness is caused due to an error in the installation script and can be exploited to disclose the installation summary. The weaknesses and the vulnerability are reported in versions prior to 1.6.5.5. SOLUTION: Update to version 1.6.5.5, which fixes vulnerabilities #1 and #2. The vendor recommends to delete the "backend/install" directory from the webroot. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://code.google.com/p/mollify/wiki/ChangeLog#Version_1.6.5.5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 16:47:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 01:47:37 +0200 Subject: [SEC] [SA41029] Microsoft Windows win32k.sys Driver "GreStretchBltInternal()" Vulnerability Message-ID: <201008182347.o7INlbtp018029@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver "GreStretchBltInternal()" Vulnerability SECUNIA ADVISORY ID: SA41029 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41029/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41029 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41029/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41029/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41029 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Tavis Ormandy has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a Denial of Service (DoS). The vulnerability is caused due to a logic error in the "GreStretchBltInternal()" function in win32k.sys when the same hdcDest and hdcSrc Device Context (DC) handles are passed as arguments to the "BitBlt()" API. This can be exploited to unmap the same object twice, triggering an unhandled exception in the kernel that crashes the system. The vulnerability is confirmed in a fully patched version of Windows 7 Professional. No other supported versions of Windows currently seem affected. SOLUTION: Grant access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 17:11:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 02:11:40 +0200 Subject: [SEC] [SA41010] Debian update for lxr-cvs Message-ID: <201008190011.o7J0Beia006594@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Debian update for lxr-cvs SECUNIA ADVISORY ID: SA41010 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41010/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41010 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41010/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41010/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41010 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for lxr-cvs. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA38117 SA39686 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2092-1: http://lists.debian.org/debian-security-announce/2010/msg00137.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 17:44:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 02:44:20 +0200 Subject: [SEC] [SA41001] Free Simple CMS Remote File Inclusion Vulnerability Message-ID: <201008190044.o7J0iKMU027929@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Free Simple CMS Remote File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41001 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41001/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41001 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41001/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41001/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41001 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Free Simple CMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "meta" and "phpincdir" parameters to themes/default/index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Dr.$audi OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 18:09:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 03:09:25 +0200 Subject: [SEC] [SA40998] Apache CouchDB Cross-Site Request Forgery Message-ID: <201008190109.o7J19PA0016527@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Apache CouchDB Cross-Site Request Forgery SECUNIA ADVISORY ID: SA40998 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40998/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40998 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/40998/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40998/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40998 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache CouchDB, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. insert and execute arbitrary Javascript code in the context of the administration interface (Futon) by tricking a logged-in administrative user into visiting a malicious web site. The vulnerability is reported in versions 0.8.0 to 0.11.0. SOLUTION: Update to version 0.11.2 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person. ORIGINAL ADVISORY: http://couchdb.apache.org/security.html http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0200.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 18:23:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 03:23:03 +0200 Subject: [SEC] [SA40982] Ubuntu update for freetype Message-ID: <201008190123.o7J1N3IG004592@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Ubuntu update for freetype SECUNIA ADVISORY ID: SA40982 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40982/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40982 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/40982/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40982/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40982 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for freetype. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA40816 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-972-1: http://www.ubuntu.com/usn/usn-972-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 18 18:44:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 03:44:21 +0200 Subject: [SEC] [SA41032] A-PDF WAV to MP3 Converter File Processing Buffer Overflow Vulnerability Message-ID: <201008190144.o7J1iLLD025430@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: A-PDF WAV to MP3 Converter File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41032 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41032/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41032 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41032/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41032/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41032 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in A-PDF Wav to Mp3 Converter, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing files, which can be exploited to cause a stack-based buffer overflow by tricking a user into processing a specially crafted file. The vulnerability is confirmed in version 1.0.0. Other versions may also be affected. SOLUTION: Do not process untrusted files. PROVIDED AND/OR DISCOVERED BY: d4rk-h4ck3r ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14676/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 19 10:28:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 19:28:01 +0200 Subject: [SEC] [SA40997] Wyse ThinOS LPD Service Buffer Overflow Message-ID: <201008191728.o7JHS1Fj023587@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Wyse ThinOS LPD Service Buffer Overflow SECUNIA ADVISORY ID: SA40997 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40997/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40997 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/40997/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40997/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40997 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Wyse ThinOS, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerability is caused due to a boundary error in the LPD service and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in 4.4.079i and also affects all versions prior to 6.5. SOLUTION: Update to version 6.5. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Kevin Finisterres. ORIGINAL ADVISORY: US-CERT VU#320233: http://www.kb.cert.org/vuls/id/320233 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 19 11:28:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 20:28:02 +0200 Subject: [SEC] [SA40987] Joomla JGrid Component File Inclusion and SQL Injection Vulnerabilities Message-ID: <201008191828.o7JIS2Nt013775@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Joomla JGrid Component File Inclusion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40987 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40987/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40987 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/40987/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40987/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40987 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the JGrid component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information and conduct SQL injection attacks. 1) Input passed to the "controller" parameter in index.php (when "option" is set to "com_jgrid") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. 2) Input passed via unspecified parameters is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.0. Other versions may also be affected. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: 1) Salvatore Fresta aka Drosophila. 2) Reported by the vendor. ORIGINAL ADVISORY: Salvatore Fresta: http://www.salvatorefresta.net/?opt=newsid&id=44 JGrid: http://www.datagrids.clubsareus.org/index.php?view=article&catid=1:latest-news&id=45:jgrid-joomla-component-now-available OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 19 12:38:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 21:38:35 +0200 Subject: [SEC] [SA41024] Open-Realty "select_users_lang" Local File Inclusion Vulnerability Message-ID: <201008191938.o7JJcZDw023442@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Open-Realty "select_users_lang" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41024 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41024/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41024 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41024/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41024/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41024 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Open-Realty, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information. Input passed via the "select_users_lang" POST parameter to index.php is not properly verified before being used to include files. This can be exploited to include files from local resources via directory traversal attacks and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. NOTE: This can further be exploited by administrative users to execute arbitrary PHP code by uploading specially crafted image files. The vulnerability is reported in version 2.5.7. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Nikola Petrov OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 19 13:27:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 22:27:40 +0200 Subject: [SEC] [SA41046] Drupal Simplenews Content Selection Module Cross-Site Scripting Vulnerability Message-ID: <201008192027.o7JKRet3020213@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Drupal Simplenews Content Selection Module Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41046 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41046/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41046 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41046/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41046/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41046 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Simplenews Content Selection module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised before being displayed to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected web site. The vulnerability is reported in version 6.x-1.5. Other versions may also be affected. SOLUTION: Update to version 6.x-1.5 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Henry Sudhof. ORIGINAL ADVISORY: SA-CONTRIB-2010-089: http://drupal.org/node/887140 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 19 14:22:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 23:22:02 +0200 Subject: [SEC] [SA41044] IBM Tivoli Storage Manager FastBack Multiple Vulnerabilities Message-ID: <201008192122.o7JLM2x4010138@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Storage Manager FastBack Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41044 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41044/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41044 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41044/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41044/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41044 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM Tivoli Storage Manager FastBack, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) An unspecified error in the Mount service can be exploited to corrupt memory and potentially execute arbitrary code by sending a specially crafted UDP packet to the affected service. 2) A boundary error in the FastBack Server when processing FastBack Client messages can be exploited to cause a buffer overflow and potentially execute arbitrary code. 3) An unspecified error in the FastBack Server when processing FastBack Client messages can be exploited to cause the server to fail and stop backup operations. 4) An unspecified error in FastBack Mount when processing FastBack Shell messages can be exploited to cause FastBack Mount to fail and stop recovery operations. The vulnerabilities are reported in versions prior to 5.5.7 and 6.1.1. SOLUTION: Update to version 5.5.7 or 6.1.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits TippingPoint. ORIGINAL ADVISORY: IBM (IC69883): http://www-01.ibm.com/support/docview.wss?uid=swg21443820 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 19 14:42:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 19 Aug 2010 23:42:26 +0200 Subject: [SEC] [SA41043] DotNetNuke Syndication Handler Denial of Service Vulnerability Message-ID: <201008192142.o7JLgQTS030938@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: DotNetNuke Syndication Handler Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41043 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41043/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41043 RELEASE DATE: 2010-08-19 DISCUSS ADVISORY: http://secunia.com/advisories/41043/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41043/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41043 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in DotNetNuke, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the syndication handler, which does not properly process requests while searching for the relevant data. This can be exploited to exhaust available resources via a large number of specially crafted requests. The vulnerability is reported in versions prior to 5.5.0. SOLUTION: Update to version 5.5.0 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.dotnetnuke.com/News/SecurityPolicy/Securitybulletinno43/tabid/1612/Default.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 10:29:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 20 Aug 2010 19:29:43 +0200 Subject: [SEC] [SA41058] phpMyAdmin "setup.php" Arbitrary PHP Code Injection Message-ID: <201008201729.o7KHTh5F025966@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: phpMyAdmin "setup.php" Arbitrary PHP Code Injection SECUNIA ADVISORY ID: SA41058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41058 RELEASE DATE: 2010-08-20 DISCUSS ADVISORY: http://secunia.com/advisories/41058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the application not properly sanitising configuration parameters during the setup procedure. This can be exploited to inject arbitrary PHP code into the phpMyAdmin configuration file. NOTE: Successful exploitation requires that installation best-practices have not been followed and the setup scripts have not been deleted after a successful installation. The vulnerability is reported in versions prior to 2.11.10.1. SOLUTION: Update to version 2.11.10.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Takeshi Terada, Mitsui Bussan Secure Directions ORIGINAL ADVISORY: phpMyAdmin: http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 11:29:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 20 Aug 2010 20:29:43 +0200 Subject: [SEC] [SA40999] Debian update for ghostscript Message-ID: <201008201829.o7KIThsK016143@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Debian update for ghostscript SECUNIA ADVISORY ID: SA40999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40999 RELEASE DATE: 2010-08-20 DISCUSS ADVISORY: http://secunia.com/advisories/40999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for ghostscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA34292 SA39753 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2093-1: http://lists.debian.org/debian-security-announce/2010/msg00139.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 12:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 20 Aug 2010 21:30:05 +0200 Subject: [SEC] [SA41000] phpMyAdmin Cross-Site Scripting Vulnerabilities Message-ID: <201008201930.o7KJU5DX006341@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: phpMyAdmin Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41000 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41000/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41000 RELEASE DATE: 2010-08-20 DISCUSS ADVISORY: http://secunia.com/advisories/41000/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41000/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41000 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "field_str" parameter to db_search.php , the "delimiter" parameter to db_sql.php, the "sort" parameter to db_structure.php, the "db" parameter to js/messages.php, the "sort_by" parameter to server_databases.php, the "checkprivs", "dbname", "pred_tablename", "selected_usr[]", "tablename", and "username" parameters to server_privileges.php, the "DefaultLang" parameter to setup/config.php, the "cpurge", "goto", "purge", "purgekey", "table", and "zero_rows" parameters to sql.php, and the "fields[multi_edit][]" parameter to tbl_replace.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 3.3.5.1 and 2.11.10.1. SOLUTION: Update to version 3.3.5.1 or 2.11.10.1. PROVIDED AND/OR DISCOVERED BY: 1) Aung Khant, YGN Ethical Hacker Group 2) Reported by the vendor ORIGINAL ADVISORY: phpMyAdmin: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php Aung Khant: http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cross_site_scripting%28XSS%29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 13:29:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 20 Aug 2010 22:29:51 +0200 Subject: [SEC] [SA40805] Novell iPrint Client Two Vulnerabilities Message-ID: <201008202029.o7KKTpkH028927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Novell iPrint Client Two Vulnerabilities SECUNIA ADVISORY ID: SA40805 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40805 RELEASE DATE: 2010-08-20 DISCUSS ADVISORY: http://secunia.com/advisories/40805/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40805/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40805 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Novell iPrint Client, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the handling of the "call-back-url" parameter value for a "op-client-interface-version" operation where the "result-type" parameter is set to "url" can be exploited to cause a stack-based buffer overflow via an overly long "call-back-url" parameter value. 2) An error in PluginGetDriverFile can be exploited to use data in uninitialised memory as a pointer. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website. SOLUTION: Update to version 5.44. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Carsten Eiram, Secunia Research. 2) Aaron Portnoy, TippingPoint DVLabs. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-104/ Novell: http://www.novell.com/support/viewContent.do?externalId=7006679 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 14:23:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 20 Aug 2010 23:23:24 +0200 Subject: [SEC] [SA41041] Red Hat High Performance Computing (HPC) Solution Multiple Vulnerabilities Message-ID: <201008202123.o7KLNO2U018821@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Red Hat High Performance Computing (HPC) Solution Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41041 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41041/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41041 RELEASE DATE: 2010-08-20 DISCUSS ADVISORY: http://secunia.com/advisories/41041/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41041/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41041 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged some vulnerabilities in Red Hat High Performance Computing (HPC) Solution, which can be exploited by malicious users to compromise a vulnerable system, conduct SQL injection, and script insertion attacks and by malicious people to conduct cross-site scripting and SQL injection attacks. For more information: SA37481 SA39568 SA39570 The vulnerabilities are reported in versions prior to 5.5. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0635-1: https://rhn.redhat.com/errata/RHSA-2010-0635.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 14:44:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 20 Aug 2010 23:44:31 +0200 Subject: [SEC] [SA41005] SLiM Insecure Default "default_path" Configuration Weakness Message-ID: <201008202144.o7KLiVT2007259@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: SLiM Insecure Default "default_path" Configuration Weakness SECUNIA ADVISORY ID: SA41005 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41005/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41005 RELEASE DATE: 2010-08-20 DISCUSS ADVISORY: http://secunia.com/advisories/41005/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41005/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41005 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in SLiM, which can be exploited by malicious, local users to gain escalated privileges. The weakness is caused due to SLiM's default configuration defining "./" as part of the "default_path" setting, which can lead to users inheriting a potentially insecure PATH environment variable after logging in via SLiM. The weakness is reported in versions prior to 1.3.2. SOLUTION: Update to version 1.3.2. Manually verify your SLiM configuration. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://svn.berlios.de/viewvc/slim?view=revision&revision=171 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 15:11:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 00:11:07 +0200 Subject: [SEC] [SA41012] Red Hat update for acroread Message-ID: <201008202211.o7KMB7re028434@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA41012 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41012/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41012 RELEASE DATE: 2010-08-20 DISCUSS ADVISORY: http://secunia.com/advisories/41012/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41012/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41012 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA40766 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0636-2: https://rhn.redhat.com/errata/RHSA-2010-0636.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 15:46:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 00:46:16 +0200 Subject: [SEC] [SA41055] Linux Kernel CAN Broadcast Manager Integer Overflow Vulnerabilities Message-ID: <201008202246.o7KMkGGl017500@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Linux Kernel CAN Broadcast Manager Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA41055 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41055/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41055 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41055/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41055/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41055 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. The vulnerabilities are caused due to integer overflows within the implementation of the CAN (Controller Area Network) BCM (Broadcast Manager) protocol, which can be exploited to e.g. gain escalated privileges by sending specially crafted CAN traffic. The vulnerabilities are reported in version 2.6.25 and later. SOLUTION: Fixed in version 2.6.36-rc1. PROVIDED AND/OR DISCOVERED BY: Ben Hawkes ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=5b75c4973ce779520b9d1e392483207d6f842cde USN-974-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001143.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 16:12:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 01:12:54 +0200 Subject: [SEC] [SA41056] Ubuntu update for kernel Message-ID: <201008202312.o7KNCsDH006194@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Ubuntu update for kernel SECUNIA ADVISORY ID: SA41056 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41056/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41056 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41056/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41056/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41056 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges. For more information: SA40656 SA40965 SA41055 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-974-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001143.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 16:45:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 01:45:31 +0200 Subject: [SEC] [SA40656] Linux Kernel DRM Kernel Memory Disclosure Vulnerability Message-ID: <201008202345.o7KNjVFu027554@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Linux Kernel DRM Kernel Memory Disclosure Vulnerability SECUNIA ADVISORY ID: SA40656 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40656/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40656 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/40656/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40656/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40656 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information. The vulnerability is caused due to the "drm_ioctl()" function in drivers/gpu/drm/drm_drv.c not properly cleaning kernel memory before copying it to the userspace, which can be exploited to disclose potentially sensitive information by sending specially crafted IOCTLs. Successful exploitation requires that the user has read and write access to the DRI path (e.g. is part of the "video" group). SOLUTION: Fixed in the GIT repository of Dave Airlie. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Kees Cook ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commitdiff;h=b9f0aee83335db1f3915f4e42a5e21b351740afd http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commitdiff;h=1b2f1489633888d4a06028315dc19d65768a1c05 USN-974-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001143.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 17:11:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 02:11:30 +0200 Subject: [SEC] [SA41026] SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control Vulnerability Message-ID: <201008210011.o7L0BUvi016224@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA41026 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41026/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41026 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41026/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41026/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41026 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Nikolas Sotiriu has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a format string error in epi.dll when creating a log message and can be exploited via a specially crafted string e.g. assigned to the "AuthCredential" property of the "Aventail.EPInterrogator" control. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions prior to 10.0.5 (confirmed in 10.0.4.35) and in version 10.5.1 without the hotfix. SOLUTION: Update to version 10.0.5 and apply hotfix for version 10.5.1. PROVIDED AND/OR DISCOVERED BY: Nikolas Sotiriu ORIGINAL ADVISORY: Nikolas Sotiriu: http://sotiriu.de/adv/NSOADV-2010-005.txt SonicWALL: http://www.sonicwall.com/us/support/kb.asp?kbid=8272 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 17:44:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 02:44:09 +0200 Subject: [SEC] [SA41022] Zope LDAPUserFolder Product "authenticate()" Authentication Security Bypass Message-ID: <201008210044.o7L0i9Iw005161@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Zope LDAPUserFolder Product "authenticate()" Authentication Security Bypass SECUNIA ADVISORY ID: SA41022 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41022/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41022 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41022/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41022/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41022 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the LDAPUserFolder product for Zope, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the "authenticate()" function in Products/LDAPUserFolder/LDAPUserFolder.py, which does not properly verify the password provided for the emergency user. This can be exploited to gain access to certain pages of the LDAPUserFolder product by providing an arbitrary password. The vulnerability is confirmed in version 2.18. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Reported by Jeremy James in a Debian bug report. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 18:09:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 03:09:22 +0200 Subject: [SEC] [SA41030] Fedora update for freeciv Message-ID: <201008210109.o7L19MUQ026191@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for freeciv SECUNIA ADVISORY ID: SA41030 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41030/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41030 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41030/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41030/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41030 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for freeciv. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA40078 SOLUTION: Apply updated packages via the yum utility ("yum update freeciv"). ORIGINAL ADVISORY: FEDORA-2010-12262: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045854.html FEDORA-2010-12256: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045953.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 18:23:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 03:23:20 +0200 Subject: [SEC] [SA41031] Fedora update for thunderbird and sunbird Message-ID: <201008210123.o7L1NK3A014299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for thunderbird and sunbird SECUNIA ADVISORY ID: SA41031 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41031/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41031 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41031/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41031/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41031 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for thunderbird and sunbird. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA40720 SOLUTION: Apply updated packages via the yum utility ("yum update thunderbird sunbird"). ORIGINAL ADVISORY: FEDORA-2010-13129: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045926.html http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045927.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 18:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 03:44:50 +0200 Subject: [SEC] [SA41014] Google Chrome Multiple Vulnerabilities Message-ID: <201008210144.o7L1io82002736@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41014 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41014/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41014 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41014/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41014/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41014 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where one has an unknown impact and others can be exploited by malicious people to conduct spoofing attacks and compromise a user's system. 1) An error related to the file dialog can be exploited to corrupt memory. 2) An error in the processing of SVG content can be exploited to corrupt memory. 3) A bad cast exists related to text editing. 4) An unspecified error allows e.g. spoofing the address bar. 5) An error in the MIME type handling can be exploited to corrupt memory. 6) An error within the notification causes a "critical crash" during shutdown. 7) The omnibox does not stop auto-suggestion when a user is about to enter a password. 8) An error in the Ruby support can be exploited to corrupt memory. 9) An error in the Geolocation support can be exploited to corrupt memory. SOLUTION: Update to version 5.0.375.127. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 5, 6) Sergey Glazunov 2, 3) wushi of team509 4) Mike Taylor 7) Robert Hansen 8, 9) kuzzcc The vendor also credits Marc Schoenefeld for his help regarding a workaround related to a Windows kernel vulnerability. ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.com/2010/08/stable-channel-update_19.html Marc Schoenefeld: http://www.marc-schoenefeld.de/vulns.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 20 19:11:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 21 Aug 2010 04:11:32 +0200 Subject: [SEC] [SA41057] IBM Content Integrator Web Services Axis2 Vulnerability Message-ID: <201008210211.o7L2BWPQ024339@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: IBM Content Integrator Web Services Axis2 Vulnerability SECUNIA ADVISORY ID: SA41057 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41057/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41057 RELEASE DATE: 2010-08-21 DISCUSS ADVISORY: http://secunia.com/advisories/41057/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41057/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41057 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM Content Integrator, which can be exploited by malicious people to disclose system information or potentially sensitive information and cause a DoS (Denial of Service). For more information: SA40252 SOLUTION: Update to version 8.5.1 Fix Pack 2. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg27019456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 10:28:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 23 Aug 2010 19:28:27 +0200 Subject: [SEC] [SA41045] Windows "Ipv4SetEchoRequestCreate()" Interruption Denial of Service Message-ID: <201008231728.o7NHSRrC020612@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Windows "Ipv4SetEchoRequestCreate()" Interruption Denial of Service SECUNIA ADVISORY ID: SA41045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41045 RELEASE DATE: 2010-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/41045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: l3D has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to Ipv4SetEchoRequestCreate() in tcpip.sys not releasing a locked memory page before process termination when being interrupted during creation of an echo request. This can be exploited to trigger a bug-check that crashes the system. The vulnerability is confirmed in a fully patched versions of Windows Vista Business SP1, Windows 7 Professional, and Windows Server 2008 Enterprise SP2. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: l3D ORIGINAL ADVISORY: http://nullbyte.org.il/View_113_Microsoft_Windows_DoS_%28IcmpSendEcho2Ex_interrupting%29.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 11:28:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 23 Aug 2010 20:28:02 +0200 Subject: [SEC] [SA41037] Debian update for lvm2 Message-ID: <201008231828.o7NIS2pQ010796@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Debian update for lvm2 SECUNIA ADVISORY ID: SA41037 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41037 RELEASE DATE: 2010-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/41037/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41037/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41037 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for lvm2. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA40759 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2095-1: http://lists.debian.org/debian-security-announce/2010/msg00141.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 12:29:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 23 Aug 2010 21:29:01 +0200 Subject: [SEC] [SA40792] Mono libgdiplus Image Processing Integer Overflow Vulnerabilities Message-ID: <201008231929.o7NJT10d000974@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Mono libgdiplus Image Processing Integer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40792 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40792/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40792 RELEASE DATE: 2010-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/40792/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40792/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40792 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered some vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. 1) An integer overflow error within the "gdip_load_tiff_image()" function in src/tiffcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted TIFF images in an application using the library. 2) An integer overflow error within the "gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted JPEG images in an application using the library. 3) An integer overflow error within the "gdip_read_bmp_image()" function in src/bmpcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted BMP images in an application using the library. The vulnerabilities are confirmed in version 2.6.7. Other versions may also be affected. SOLUTION: Do not process untrusted images in an application using the library. PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-102/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 13:29:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 23 Aug 2010 22:29:09 +0200 Subject: [SEC] [SA41068] MAXdev MD-Pro "sid" Cross-Site Scripting Vulnerability Message-ID: <201008232029.o7NKT9xJ023642@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: MAXdev MD-Pro "sid" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41068 RELEASE DATE: 2010-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/41068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MAXdev MD-Pro, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "sid" parameter to modules.php (when "op" is set to "modload", "name" to "News", and "file" to "article") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.083. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: HTBridge ORIGINAL ADVISORY: HTB22563: http://www.htbridge.ch/advisory/xss_vulnerability_in_maxdev.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 14:23:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 23 Aug 2010 23:23:57 +0200 Subject: [SEC] [SA41067] Auto FTP Manager Directory Download Directory Traversal Vulnerability Message-ID: <201008232123.o7NLNvr5013617@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Auto FTP Manager Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41067 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41067/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41067 RELEASE DATE: 2010-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/41067/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41067/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41067 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Auto FTP Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 5.13. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_in_autoftp_manager.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 14:45:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 23 Aug 2010 23:45:27 +0200 Subject: [SEC] [SA41066] 3D-FTP Directory Download Directory Traversal Vulnerability Message-ID: <201008232145.o7NLjReh002037@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: 3D-FTP Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41066 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41066/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41066 RELEASE DATE: 2010-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/41066/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41066/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41066 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in 3D-FTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 9.0 build 2. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_in_3d_ftp_client.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 15:12:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 00:12:00 +0200 Subject: [SEC] [SA41059] Joomla! JPodium Component Cross-Site Request Forgery Vulnerability Message-ID: <201008232212.o7NMC00i023292@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Joomla! JPodium Component Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41059 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41059/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41059 RELEASE DATE: 2010-08-23 DISCUSS ADVISORY: http://secunia.com/advisories/41059/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41059/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41059 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the JPodium component for Joomla!, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete races or delete athletes by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is reported in versions prior to 0.9.016. SOLUTION: Update to version 0.9.016. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.jpodium.de/index.php/learn-more/revision-history OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 15:46:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 00:46:31 +0200 Subject: [SEC] [SA41036] netStartEnterprise "id" SQL Injection Vulnerability Message-ID: <201008232246.o7NMkV8q012352@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: netStartEnterprise "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41036 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41036/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41036 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41036/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41036/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41036 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in netStartEnterprise, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to previeweventdetail.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: L1nK OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 16:12:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 01:12:05 +0200 Subject: [SEC] [SA41075] Fedora update for phpMyAdmin Message-ID: <201008232312.o7NNC5Zh000957@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for phpMyAdmin SECUNIA ADVISORY ID: SA41075 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41075/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41075 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41075/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41075/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41075 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpMyAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA41000 SOLUTION: Apply updated packages using the yum utility ("yum update phpMyAdmin"). ORIGINAL ADVISORY: FEDORA-2010-13258: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045997.html FEDORA-2010-13249: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045991.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 16:47:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 01:47:34 +0200 Subject: [SEC] [SA41077] Fedora uzbl "@SELECTED_URI" Command Injection Vulnerability Message-ID: <201008232347.o7NNlYuN022501@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora uzbl "@SELECTED_URI" Command Injection Vulnerability SECUNIA ADVISORY ID: SA41077 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41077/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41077 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41077/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41077/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41077 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has acknowledged a vulnerability in uzbl, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the default configuration file containing an insecure binding for the middle mouse button, which can be exploited to inject and execute arbitrary shell commands by e.g. tricking a user into clicking a malicious link using the middle mouse button. SOLUTION: Apply updated packages via the yum utility ("yum update uzbl"). Manually check and update uzbl configuration files (see vendor's advisory for additional details). PROVIDED AND/OR DISCOVERED BY: Pawel Zuzelski and 'Chuzz' ORIGINAL ADVISORY: FEDORA-2010-12276: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045989.html FEDORA-2010-12260: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045994.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 17:11:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 02:11:55 +0200 Subject: [SEC] [SA41069] FTPGetter FTP Directory Download Directory Traversal Vulnerability Message-ID: <201008240011.o7O0Btev011124@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: FTPGetter FTP Directory Download Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41069 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41069/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41069 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41069/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41069/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41069 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTPGetter Standard, FTPGetter Professional, and FTPGetter Professional Portable Edition, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in FTPGetter Standard version 3.55.0.05, FTPGetter Professional version 3.55.0.07, and FTPGetter Professional Portable Edition version 3.55.0.11. Other versions may also be affected. SOLUTION: Download from trusted servers only. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_in_ftpgetter.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 17:45:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 02:45:05 +0200 Subject: [SEC] [SA41073] Fedora update for DeviceKit-power Message-ID: <201008240045.o7O0j5WI032515@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for DeviceKit-power SECUNIA ADVISORY ID: SA41073 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41073 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41073/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41073/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41073 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for DeviceKit-power. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to DeviceKit-power being compiled with a vulnerable copy of D-Bus GLib. For more information: SA41071 SOLUTION: Apply updated packages using the yum utility ("yum update DeviceKit-power"). ORIGINAL ADVISORY: FEDORA-2010-12911: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046008.html FEDORA-2010-12863: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045980.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 18:09:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 03:09:58 +0200 Subject: [SEC] [SA41072] Fedora update for ModemManager Message-ID: <201008240109.o7O19wMq021129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for ModemManager SECUNIA ADVISORY ID: SA41072 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41072/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41072 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41072/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41072/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41072 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ModemManager. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to ModemManager being compiled with a vulnerable copy of D-Bus GLib. For more information: SA41071 SOLUTION: Apply updated packages using the yum utility ("yum update ModemManager"). ORIGINAL ADVISORY: FEDORA-2010-12911: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046009.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 18:24:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 03:24:05 +0200 Subject: [SEC] [SA41071] Fedora update for dbus-glib Message-ID: <201008240124.o7O1O5Xj009277@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for dbus-glib SECUNIA ADVISORY ID: SA41071 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41071/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41071 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41071/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41071/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41071 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dbus-glib. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security features. For more information: SA40908 SOLUTION: Apply updated packages using the yum utility ("yum update dbus-glib"). ORIGINAL ADVISORY: FEDORA-2010-12911: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046007.html FEDORA-2010-12863: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045979.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 18:44:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 03:44:37 +0200 Subject: [SEC] [SA41074] Fedora update for NetworkManager Message-ID: <201008240144.o7O1ibs0030091@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for NetworkManager SECUNIA ADVISORY ID: SA41074 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41074/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41074 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41074/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41074/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41074 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for NetworkManager. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to NetworkManager being compiled with a vulnerable copy of D-Bus GLib. For more information: SA41071 SOLUTION: Apply updated packages using the yum utility ("yum update NetworkManager"). ORIGINAL ADVISORY: FEDORA-2010-12911: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046010.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 19:13:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 04:13:32 +0200 Subject: [SEC] [SA41027] httpdx HTTP / FTP Request Handling Two Vulnerabilities Message-ID: <201008240213.o7O2DW9R019390@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: httpdx HTTP / FTP Request Handling Two Vulnerabilities SECUNIA ADVISORY ID: SA41027 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41027/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41027 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41027/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41027/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41027 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in httpdx, which can be exploited by malicious people to cause a DoS (Denial of Service) and by malicious users to potentially compromise a vulnerable system. 1) An error when handling HTTP requests can be exploited to crash the service by sending multiple HTTP requests. 2) An error when handling FTP requests can be exploited to cause a crash and potentially execute arbitrary code by sending multiple FTP requests. The vulnerabilities are confirmed in version 1.5.4. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dr_IDE ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14683/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 19:44:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 04:44:45 +0200 Subject: [SEC] [SA41035] Debian update for linux-2.6 Message-ID: <201008240244.o7O2ijGm008304@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Debian update for linux-2.6 SECUNIA ADVISORY ID: SA41035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41035 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges, and by malicious people to cause a DoS. For more information: SA37590 SA38499 SA39490 SA40205 SA40656 SA40965 SA41055 1) Errors within the implementation of the External Data Representation (XDR) for NFSv4 can be exploited to cause a kernel panic and potentially execute arbitrary code by sending specially crafted compound requests to the NFSv4 server. 2) An error within the GFS2 file system when handing certain rename operations can be exploited to cause a kernel crash. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Debian credits: 1) Neil Brown 2) Bob Peterson ORIGINAL ADVISORY: DSA-2094-1: http://lists.debian.org/debian-security-announce/2010/msg00140.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 23 20:09:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 05:09:55 +0200 Subject: [SEC] [SA41076] Fedora update for moodle Message-ID: <201008240309.o7O39tJK029332@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for moodle SECUNIA ADVISORY ID: SA41076 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41076/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41076 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41076/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41076/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41076 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited by malicious users to hijack another user's session and by malicious people to conduct cross-site scripting attacks. For more information: SA39613 SA40845 SOLUTION: Apply updated packages via the yum utility ("yum update moodle"). ORIGINAL ADVISORY: FEDORA-2010-13254: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045996.html FEDORA-2010-13250: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045992.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 10:30:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 19:30:09 +0200 Subject: [SEC] [SA41038] Quagga BGP Daemon Denial of Service and Buffer Overflow Vulnerabilities Message-ID: <201008241730.o7OHU9KE023239@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Quagga BGP Daemon Denial of Service and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA41038 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41038/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41038 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41038/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41038/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41038 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Quagga, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) A NULL-pointer dereference error when parsing Autonomous System (AS) paths can be exploited to crash the "bgpd" daemon via a specially crafted BGP update request from a configured peer. 2) A boundary error when processing Route-Refresh messages can be exploited to cause a stack-based buffer overflow via a specially crafted Outbound Route Filtering (ORF) record sent from a configured peer. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 0.99.17. SOLUTION: Update to version 0.99.17. PROVIDED AND/OR DISCOVERED BY: The vendor credits the CROSS team. ORIGINAL ADVISORY: http://www.quagga.net/news2.php?y=2010&m=8&d=19#id1282241100 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 11:29:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 20:29:31 +0200 Subject: [SEC] [SA41049] Sun Solaris Xorg Server Render Extension Memory Corruption Vulnerability Message-ID: <201008241829.o7OITVBN013414@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Sun Solaris Xorg Server Render Extension Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA41049 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41049/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41049 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41049/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41049/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41049 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Sun Solaris and Sun Ray Server Software, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA39650 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_1166_denial_of OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 12:29:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 21:29:35 +0200 Subject: [SEC] [SA41062] HP MagCloud Unauthorised Application Data Access Vulnerability Message-ID: <201008241929.o7OJTZ7V003618@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: HP MagCloud Unauthorised Application Data Access Vulnerability SECUNIA ADVISORY ID: SA41062 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41062/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41062 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41062/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41062/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41062 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP MagCloud, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to gain unauthorised read and write access to certain MagCloud application data. The vulnerability is reported in versions prior to 1.0.5. SOLUTION: Update to version 1.0.5 via the Apple App Store. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBGN02569 SSRT100200: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02478639 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 13:29:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 22:29:44 +0200 Subject: [SEC] [SA41039] Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability Message-ID: <201008242029.o7OKTiui026254@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Cisco WebEx Player ARF Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41039 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco WebEx Player, which can be exploited by malicious people to compromise a user's system. The vulnerability exists due to a boundary error when parsing strings in ARF files and can be exploited to cause a heap-based buffer overflow via a specially crafted ARF file. Successful exploitation may allow execution of arbitrary code. SOLUTION: Reportedly fixed in version T27FR14. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Gabriel Menezes Nunes, reported via ZDI. ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-10-155/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 14:23:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 23:23:50 +0200 Subject: [SEC] [SA41042] TYPO3 phpMyAdmin Extension Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201008242123.o7OLNobe016186@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: TYPO3 phpMyAdmin Extension Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41042 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41042/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41042 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41042/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41042/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41042 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information see vulnerability #1: SA41000 The vulnerabilities are reported in versions prior to 4.9.0. SOLUTION: Update to version 4.9.0. PROVIDED AND/OR DISCOVERED BY: Reported by Aung Khant in the standalone version of phpMyAdmin. ORIGINAL ADVISORY: TYPO3-SA-2010-017: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-017/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 14:44:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 24 Aug 2010 23:44:40 +0200 Subject: [SEC] [SA41052] Red Hat update for openoffice.org Message-ID: <201008242144.o7OLieGH004633@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Red Hat update for openoffice.org SECUNIA ADVISORY ID: SA41052 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41052/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41052 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41052/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41052/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41052 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openoffice.org. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0643-1: http://rhn.redhat.com/errata/RHSA-2010-0643.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 15:11:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 00:11:36 +0200 Subject: [SEC] [SA41047] Joomla! Zoom Portfolio Component "id" SQL Injection Vulnerability Message-ID: <201008242211.o7OMBawV025876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Joomla! Zoom Portfolio Component "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41047 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41047/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41047 RELEASE DATE: 2010-08-24 DISCUSS ADVISORY: http://secunia.com/advisories/41047/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41047/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41047 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Zoom Portfolio component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when "option" is set to "com_zoomportfolio" and "view" is set to "portfolio") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Chip D3 Bi0s OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 15:46:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 00:46:52 +0200 Subject: [SEC] [SA41048] MySQL Multiple Security Issues Message-ID: <201008242246.o7OMkq9G014975@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: MySQL Multiple Security Issues SECUNIA ADVISORY ID: SA41048 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41048/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41048 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41048/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41048/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41048 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues have been reported in MySQL, where one has unknown impacts while others can be exploited by malicious users to cause a DoS (Denial of Service). 1) An error within the handling of DDL statements after having changed the "innodb_file_per_table" or "innodb_file_format" configuration parameters can be exploited to crash the server. 2) An error when handling joins involving a unique "SET" column can be exploited to crash the server. 3) An error when handling NULL arguments passed to "IN()" or "CASE" operations can be exploited to crash the server. 4) An error when processing certain malformed arguments passed to the "BINLOG" statement can be exploited to crash the server. 5) An error when processing "TEMPORARY" InnoDB tables featuring nullable columns can be exploited to crash the server. 6) An error when performing alternating reads from two indexes on tables using the "HANDLER" interface can be exploited to crash the server. 7) An error when handling "EXPLAIN" statements on certain queries can be exploited to crash the server. 8) An error when handling "LOAD DATA INFILE" statements can lead to the return of an "OK" packet although errors have been encountered. SOLUTION: Update to version 5.1.49. PROVIDED AND/OR DISCOVERED BY: Reported in MySQL bug reports by: 1, 8) Elena Stepanova 2, 3, 4) Shane Bester 5) Boris Reisig 6) Matthias Leich 7) Bjorn Munch ORIGINAL ADVISORY: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-49.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 16:12:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 01:12:20 +0200 Subject: [SEC] [SA41081] Fedora update for php Message-ID: <201008242312.o7ONCKss003635@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for php SECUNIA ADVISORY ID: SA41081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41081 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system. For more information: SA39675 SA40268 SOLUTION: Apply updated packages using the yum utility ("yum update php"). ORIGINAL ADVISORY: FEDORA-2010-11428: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046046.html FEDORA-2010-11481: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046021.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 16:47:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 01:47:50 +0200 Subject: [SEC] [SA41034] e107 Script Insertion and Cross-Site Request Forgery Vulnerabilities Message-ID: <201008242347.o7ONlocm025139@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: e107 Script Insertion and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA41034 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41034/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41034 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41034/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41034/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41034 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Justin Klein Keane has reported some vulnerabilities in e107, which can be exploited by malicious people to conduct script insertion and cross-site request forgery attacks. 1) Input passed via the "submitnews_title" parameter to submitnews.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create arbitrary users by tricking a logged in administrative user into visiting a malicious web site. The vulnerabilities are reported in versions prior to 0.7.23. SOLUTION: Update to version 0.7.23. PROVIDED AND/OR DISCOVERED BY: Justin Klein Keane ORIGINAL ADVISORY: e107: http://e107.org/comment.php?comment.news.872 Justin Klein Keane: http://www.madirish.net/?article=471 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 17:11:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 02:11:52 +0200 Subject: [SEC] [SA41091] Fedora update for kernel Message-ID: <201008250011.o7P0Bqii013751@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA41091 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41091/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41091 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41091/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41091/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41091 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA40965 1) An error within the GFS2 file system when handing certain rename operations can be exploited to cause a kernel crash. SOLUTION: Apply updated packages using the yum utility ("yum update kernel"). PROVIDED AND/OR DISCOVERED BY: 1) Red Hat credits Grant Diffey. ORIGINAL ADVISORY: FEDORA-2010-13058: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046051.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 17:44:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 02:44:41 +0200 Subject: [SEC] [SA41080] Fedora update for kernel Message-ID: <201008250044.o7P0if5M002705@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA41080 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41080/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41080 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41080/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41080/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41080 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges. For more information: SA40205 SA40965 1) An error within the GFS2 file system when handing certain rename operations can be exploited to cause a kernel crash. SOLUTION: Apply updated packages using the yum utility ("yum update kernel"). PROVIDED AND/OR DISCOVERED BY: 1) Red Hat credits Grant Diffey. ORIGINAL ADVISORY: FEDORA-2010-13110: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046029.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 18:13:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 03:13:29 +0200 Subject: [SEC] [SA41082] Fedora update for ruby Message-ID: <201008250113.o7P1DTZR023954@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for ruby SECUNIA ADVISORY ID: SA41082 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41082/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41082 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41082/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41082/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41082 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA41003 SOLUTION: Apply updated packages using the yum utility ("yum update ruby"). ORIGINAL ADVISORY: FEDORA-2010-13341: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046013.html FEDORA-2010-13387: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046044.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 24 18:48:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 03:48:29 +0200 Subject: [SEC] [SA41061] Fedora update for openldap Message-ID: <201008250148.o7P1mTsX013028@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Fedora update for openldap SECUNIA ADVISORY ID: SA41061 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41061/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41061 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41061/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41061/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41061 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openldap. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA40639 SOLUTION: Apply updated packages using the yum utility ("yum update openldap"). ORIGINAL ADVISORY: FEDORA-2010-11343: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046039.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 10:29:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 19:29:58 +0200 Subject: [SEC] [SA41111] Red Hat update for ImageMagick Message-ID: <201008251729.o7PHTw6D011096@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Red Hat update for ImageMagick SECUNIA ADVISORY ID: SA41111 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41111/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41111 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41111/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41111/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41111 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for ImageMagick. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA35216 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0652-1: https://rhn.redhat.com/errata/RHSA-2010-0652.html RHSA-2010:0653-1: http://rhn.redhat.com/errata/RHSA-2010-0653.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 11:29:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 20:29:51 +0200 Subject: [SEC] [SA41120] Red Hat update for qspice-client and spice-xpi Message-ID: <201008251829.o7PITpc5001232@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Red Hat update for qspice-client and spice-xpi SECUNIA ADVISORY ID: SA41120 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41120/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41120 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41120/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41120/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41120 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued updates for qspice-client and spice-xpi. These fix two vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information or manipulate certain data. 1) A race condition exists when the SPICE Mozilla Firefox plug-in and SPICE client communicate and can be exploited to disclose authentication information or conduct MitM (Man-in-the-Middle) attacks. 2) The SPICE Mozilla Firefox plug-in creates a log file with a predictable name, which can be exploited to overwrite user's files via symbolic link attacks. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0632-1: http://rhn.redhat.com/errata/RHSA-2010-0632.html RHSA-2010:0651-1: http://rhn.redhat.com/errata/RHSA-2010-0651.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 12:29:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 21:29:24 +0200 Subject: [SEC] [SA41094] 010 Editor Insecure Library Loading Vulnerability Message-ID: <201008251929.o7PJTORu023884@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: 010 Editor Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41094 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41094/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41094 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41094/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41094/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41094 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in 010 Editor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a HEX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.1.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Findthee Swing OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 13:29:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 22:29:31 +0200 Subject: [SEC] [SA41124] Snagit Insecure Library Loading Vulnerability Message-ID: <201008252029.o7PKTVh3014099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Snagit Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41124 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41124/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41124 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41124/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41124/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41124 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Snagit, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening SNAG or SNAGPROF files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 10.0.0 build 788. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Encrypt3d.M!nd ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14764/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 14:23:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 23:23:48 +0200 Subject: [SEC] [SA41119] Camtasia Studio Insecure Library Loading Vulnerability Message-ID: <201008252123.o7PLNmSF004027@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Camtasia Studio Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41119 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41119/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41119 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41119/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41119/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41119 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Camtasia Studio, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. MFC90ENU.DLL and MFC90LOC.DLL) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening CMMP or CAMREC files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.0.1 build 57. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Findthee Swing OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 14:44:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 25 Aug 2010 23:44:30 +0200 Subject: [SEC] [SA41104] Microsoft Office Groove Insecure Library Loading Vulnerability Message-ID: <201008252144.o7PLiUax024882@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Microsoft Office Groove Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41104 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41104/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41104 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41104/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41104/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41104 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Office Groove, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. GroovePerfmon.dll and mso.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening VCG or GTA files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2007 (12.0.6421.1000). Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Beenu Arora OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 15:13:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 00:13:17 +0200 Subject: [SEC] [SA41109] avast! Antivirus Insecure Library Loading Vulnerability Message-ID: <201008252213.o7PMDHhZ013786@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: avast! Antivirus Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41109 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41109/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41109 RELEASE DATE: 2010-08-25 DISCUSS ADVISORY: http://secunia.com/advisories/41109/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41109/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41109 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in avast! Antivirus, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an avast! license file (*.avastlic) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in avast! Free Antivirus version 5.0.594 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Bruno Filipe ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14743/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 15:46:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 00:46:24 +0200 Subject: [SEC] [SA41107] VLC Media Player Insecure Library Loading Vulnerability Message-ID: <201008252246.o7PMkOZk002751@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: VLC Media Player Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41107 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41107/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41107 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41107/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41107/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41107 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an MP3 file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.1.3 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Secfence ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14750/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 16:12:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 01:12:08 +0200 Subject: [SEC] [SA41112] TeamViewer Insecure Library Loading Vulnerability Message-ID: <201008252312.o7PNC8MX023863@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: TeamViewer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41112 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41112/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41112 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41112/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41112/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41112 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TeamViewer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a TVS file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.0.8703 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Glafkos Charalambous ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14734/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 16:46:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 01:46:41 +0200 Subject: [SEC] [SA40952] KDE Okular PDB Parsing RLE Decompression Buffer Overflow Message-ID: <201008252346.o7PNkflK012904@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: KDE Okular PDB Parsing RLE Decompression Buffer Overflow SECUNIA ADVISORY ID: SA40952 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40952/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40952 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/40952/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40952/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40952 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in KDE Okular, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error within the RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/unpluck/image.cpp. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted PDB file. The vulnerability is confirmed in version 4.4.5. Other versions may also be affected. SOLUTION: Apply patches. See vendor's advisory for additional details. PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-109 KDE: http://www.kde.org/info/security/advisory-20100825-1.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 17:11:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 02:11:52 +0200 Subject: [SEC] [SA41101] GFI Web Monitor Script Insertion Vulnerability Message-ID: <201008260011.o7Q0Bq68001488@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: GFI Web Monitor Script Insertion Vulnerability SECUNIA ADVISORY ID: SA41101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41101 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oliver Karow has reported a vulnerability in GFI Web Monitor, which can be exploited by malicious people to conduct script insertion attacks. Unspecified Input passed via the proxy port is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed within the Web Monitor Configuration UI. The vulnerability is reported in GFI Web Monitor 2009 build 20100324. Other versions may also be affected. SOLUTION: Apply patch (contact the vendor for further information). PROVIDED AND/OR DISCOVERED BY: Oliver Karow ORIGINAL ADVISORY: http://oliver.greyhat.de/2010/08/25/gfi-webmonitor-admin-ui-remote-script-code-injection/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 17:44:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 02:44:24 +0200 Subject: [SEC] [SA41098] Windows Live Mail Insecure Library Loading Vulnerability Message-ID: <201008260044.o7Q0iOfK022921@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Windows Live Mail Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41098 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41098/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41098 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41098/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41098/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41098 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Windows Live Mail, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an EML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2009 build 14.0.8117.0416. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Nicolas Krassas ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14728/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 18:10:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 03:10:49 +0200 Subject: [SEC] [SA41089] ClanSphere "index.php" Cross-Site Scripting Vulnerability Message-ID: <201008260110.o7Q1Anga011621@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: ClanSphere "index.php" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41089 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41089/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41089 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41089/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41089/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41089 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ClanSphere, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after index.php is not properly sanitised in mods/users/navlogin.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2009.0.3.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sweet OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 18:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 03:44:50 +0200 Subject: [SEC] [SA41088] SEIL Routers IPv6 Unicast RPF Spoofing Vulnerability Message-ID: <201008260144.o7Q1iohO000603@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: SEIL Routers IPv6 Unicast RPF Spoofing Vulnerability SECUNIA ADVISORY ID: SA41088 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41088/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41088 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41088/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41088/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41088 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SEIL routers, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability exists due to improper filtering when IPv6 Unicast Reverse Path Forwarding (RPF) is enabled and can be exploited to bypass filtering via a spoofed IP address. Successful exploitation requires IPv6 Unicast RPF to be configured in strict mode. The vulnerability is reported in the following products: * SEIL/X1 firmware version 1.00 through 2.73 * SEIL/X2 firmware version 1.00 through 2.73 * SEIL/B1 firmware version 1.00 through 2.73 SOLUTION: Upgrade to firmware version 2.74. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SEIL: http://www.seil.jp/seilseries/security/2010/a00875.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 19:11:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 04:11:50 +0200 Subject: [SEC] [SA41054] Debian update for zope-ldapuserfolder Message-ID: <201008260211.o7Q2Bov5022221@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Debian update for zope-ldapuserfolder SECUNIA ADVISORY ID: SA41054 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41054 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41054/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41054/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41054 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for zope-ldapuserfolder. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA41022 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2096-1: http://lists.debian.org/debian-security-announce/2010/msg00142.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 19:45:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 04:45:00 +0200 Subject: [SEC] [SA41053] Mapbender Multiple Vulnerabilities Message-ID: <201008260245.o7Q2j0aH011219@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Mapbender Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41053 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Mapbender, which can be exploited by malicious users to conduct SQL injection attacks, and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "m", "d", and "t" parameters to extensions/datepicker/datepicker.php, "id" parameter to php/mod_layerMetadata.php, "printTitle", "printComment", "map_scale", and "footer" parameters to php/mod_printView1.php, "guiList", "name" and "left" parameters to php/nestedSets.php, "gui_id" parameter to php/mod_showGuiName.php, "getStyle" parameter to php/mod_getStyles.php and "length" parameter to php/mod_evalArea.php is not properly sanitised before being returned to the user. This can be exploited to execute HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without making any validity checks to verify the requests. This can be exploited to e.g. change an administrative user's password by tricking an administrative user into visiting a malicious website while being logged in to the application. 3) Input passed via the "srs" parameter to php/mod_evalArea.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 4) Input passed via the "user", "password" and "tblmb" POST parameters to php/mod_saveWKT.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "magic_quotes_gpc" to be disabled. The vulnerabilities are confirmed in version 2.6.2. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged in to the application. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Red Team ORIGINAL ADVISORY: rt-sa-2010-004: http://www.redteam-pentesting.de/advisories/rt-sa-2010-004.txt rt-sa-2010-005: http://www.redteam-pentesting.de/advisories/rt-sa-2010-005.txt rt-sa-2010-006: http://www.redteam-pentesting.de/advisories/rt-sa-2010-006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 20:09:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 05:09:39 +0200 Subject: [SEC] [SA41083] Opera Insecure Library Loading Vulnerability Message-ID: <201008260309.o7Q39di0032233@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Opera Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41083 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41083/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41083 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41083/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41083/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41083 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 10.61 installed on Windows XP SP3. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Nicolas Krassas ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14732 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 20:23:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 05:23:42 +0200 Subject: [SEC] [SA41110] Adobe Dreamweaver Insecure Library Loading Vulnerability Message-ID: <201008260323.o7Q3Ngmq020357@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Adobe Dreamweaver Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41110 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Dreamweaver, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. MFC90LOC.DLL and dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a CSS file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Adobe Dreamweaver CS5 version 11.0 Build 4916. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Bruno Filipe ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14740/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 20:44:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 05:44:32 +0200 Subject: [SEC] [SA41040] Wing FTP Server HTTP Denial of Service Vulnerability Message-ID: <201008260344.o7Q3iWJi008810@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Wing FTP Server HTTP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41040 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41040/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41040 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41040/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41040/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41040 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Wing FTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when processing HTTP requests and can be exploited to crash the server. No further information is currently available. The vulnerability is reported in versions prior to 3.6.6 running on Windows. SOLUTION: Update to version 3.6.6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.wftpserver.com/serverhistory.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 21:10:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 06:10:15 +0200 Subject: [SEC] [SA41065] Adobe Shockwave Player Multiple Vulnerabilities Message-ID: <201008260410.o7Q4AFfX029862@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Adobe Shockwave Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41065 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41065/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41065 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41065/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41065/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41065 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error can be exploited to corrupt memory. 2) An unspecified error when processing ".dir" files in the IML32.dll module can be exploited to corrupt memory. 3) A third unspecified error can be exploited to corrupt memory. 4) A signedness error when processing the tSAC RIFF chunk in the DIRAPI module can be exploited to corrupt memory. 5) An array indexing error when processing the rcsL RIFF chunk in the DIRAPIX module can be exploited to corrupt memory. 6) An unspecified error when processing ".dir" files in the IML32.dll module can be exploited to corrupt memory. 7) An unspecified error when processing ".dir" files in the IML32.dll module can be exploited to corrupt memory. 8) A boundary error when handling the chunk size following the fourCC value in Ordinal1111 (IML32X module) can be exploited to cause a heap-based buffer overflow via a specially crafted RIFF file. 9) An integer overflow error when processing 0xFFFFFF45 records of 3D objects can be exploited to cause a heap-based buffer overflow. 10) A signedness error when processing the PAMI RIFF chunk can be exploited to corrupt memory. 11) An indexing error when processing the rcsL RIFF chunk can be exploited to corrupt heap-based memory and overwrite a function pointer via a specially crafted Director file with ".dir" or ".dcr" extensions. 12) An uninitialized pointer error when processing the tSAC RIFF chunk can be exploited to transfer the program flow into a random heap-based memory location. 13) A signedness error when processing the tSAC RIFF chunk can be exploited to corrupt heap-based memory. 14) A singedness error when processing the tSAC RIFF chunk can be exploited to write a NULL byte to a certain memory location. 15) An integer overflow error when processing 0xFFFFFFF8 records can be exploited to cause a heap-based buffer overflow via specially a crafted Director file with ".dir" or ".dcr" extensions. 16) An indexing error when processing the CSWV RIFF chunk within the IML32X.dll and DIRAPIX.dll modules can be exploited to corrupt heap-based memory. 17) An indexing error when processing the tSAC RIFF chunk within the DIRAPIX.dll module can be exploited to write a NULL byte to a heap-based memory location. 18) An integer overflow error in the TextXtra.x32 module can be exploited to cause a heap-based buffer overflow. 19) An unspecified error when processing ".dir" files in the DIRAPI.dll module can be exploited to corrupt memory. 20) An unspecified error when processing ".dir" files in the IML32.dll module can be exploited to corrupt memory. 21) An unspecified error when processing ".dir" files in the DIRAPI.dll module can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 11.5.8.612 running on Windows and Macintosh. SOLUTION: Update to version 11.5.8.612 or later. PROVIDED AND/OR DISCOVERED BY: 4,5,8,13,16,17,18) Aaron Portnoy, TippingPoint DVLabs. 9,12,15) An anonymous person, reported via ZDI. 10,11) Damian Put, reported via ZDI. 14) An anonymous person, reported via iDefense VCP. 2,6,7,19,20,21) Rodrigo Rubira Branco, Check Point. The vendor also credits: 1,2,3) Honggang Ren, Fortinet's FortiGuard Labs ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-20.html iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=878 TippingPoint DVLabs: http://dvlabs.tippingpoint.com/advisory/TPTI-10-09 http://dvlabs.tippingpoint.com/advisory/TPTI-10-10 http://dvlabs.tippingpoint.com/advisory/TPTI-10-11 http://dvlabs.tippingpoint.com/advisory/TPTI-10-12 http://dvlabs.tippingpoint.com/advisory/TPTI-10-13 http://dvlabs.tippingpoint.com/advisory/TPTI-10-14 http://dvlabs.tippingpoint.com/advisory/TPTI-10-15 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-160/ http://www.zerodayinitiative.com/advisories/ZDI-10-161/ http://www.zerodayinitiative.com/advisories/ZDI-10-162/ http://www.zerodayinitiative.com/advisories/ZDI-10-163/ http://www.zerodayinitiative.com/advisories/ZDI-10-164/ Rodrigo Rubira Branco: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0282.html http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0283.html http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0284.html http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0285.html http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0286.html http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0287.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 21:23:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 06:23:24 +0200 Subject: [SEC] [SA41095] Mozilla Firefox Insecure Library Loading Vulnerability Message-ID: <201008260423.o7Q4NO9J017953@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41095 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41095/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41095 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41095/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41095/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41095 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.6.8 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Glafkos Charalambous ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14730/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 21:44:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 06:44:28 +0200 Subject: [SEC] [SA41050] Microsoft Windows Address Book Insecure Library Loading Vulnerability Message-ID: <201008260444.o7Q4iSnV006404@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Address Book Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41050 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41050/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41050 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41050/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41050/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41050 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Address Book application (wab.exe) loading libraries (e.g. wab32res.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a vCard (.vcf) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in a fully patched Windows XP SP3, Windows Server 2003 R2 Enterprise SP2, Windows Vista Business SP1, Windows 7 Professional, and Windows Server 2008 Enterprise SP2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Matt ORIGINAL ADVISORY: Matt: http://www.attackvector.org/new-dll-hijacking-exploits-many/ Secunia blog: http://secunia.com/blog/120/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Aug 25 22:09:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 07:09:19 +0200 Subject: [SEC] [SA41063] Microsoft Office PowerPoint Insecure Library Loading Vulnerability Message-ID: <201008260509.o7Q59JDs027425@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award Secunia outshines its competitors and receives the Frost & Sullivan???s Global 2010 Customer Value Enhancement Award. Based on its recent analysis of the vulnerability research market, Frost & Sullivan concluded: "Secunia provides tremendous value for their customers, end-users, and to other security vendors." Read more: http://secunia.com/blog/117/ ---------------------------------------------------------------------- TITLE: Microsoft Office PowerPoint Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41063 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41063/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41063 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41063/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41063/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41063 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. pp7x32.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PowerPoint 95 presentation located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in fully patched versions of 2007 and 2010. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: TheLeader ORIGINAL ADVISORY: TheLeader: http://www.exploit-db.com/exploits/14723/ Secunia blog: http://secunia.com/blog/120/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 10:29:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 19:29:40 +0200 Subject: [SEC] [SA41168] Mozilla SeaMonkey Insecure Library Loading Vulnerability Message-ID: <201008261729.o7QHTeuW009587@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mozilla SeaMonkey Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41168 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41168/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41168 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41168/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41168/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41168 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.0.6 on a Windows system. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Findthee Swing OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 11:30:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 20:30:24 +0200 Subject: [SEC] [SA41116] Target CMS Multiple Vulnerabilities Message-ID: <201008261830.o7QIUOKb032221@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Target CMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41116 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41116/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41116 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41116/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41116/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41116 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in Target CMS, which can be exploited by malicious user to conduct script insertion attacks, SQL injection attacks, and disclose sensitive information and by malicious people to conduct cross-site scripting attacks, SQL injection attacks, and disclose sensitive information. 1) Input passed via the "section" parameter to index.php (when "admin" is set to "1") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "note" parameter to index.php (when "section" is set to "content", "action" is set to "Save text", and "admin" is set to "1") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via the "template" parameter to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 4) Input passed via the "name" parameter to index.php (when "admin" is set to "1", "section" is set to "style", and "action" is set to "editStylesheet") is not properly verified before being used to read files. This can be exploited to disclose arbitrary files from local resources via directory traversal sequences. 5) Input passed via the "id" parameter to index.php (when "admin" is set to "1", "section" is set to "content", and "action" is set to "edit") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 6) Input passed via the "content" parameter to index.php (when "template" is set to "home") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 7) Input passed via the "id" parameter to index.php (when "section" is set to "content", "action" is set to "Save text", and "admin" is set to "1") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 8) Input passed via the "id" parameter to index.php (when "template" is set to "forum" and "action" is set to "showReplies") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 9) Input passed via the "id" parameter to index.php (when "template" is set to "blog") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_tcms.html http://www.htbridge.ch/advisory/xss_vulnerability_in_tcms_1.html http://www.htbridge.ch/advisory/local_file_inclusion_in_tcms.html http://www.htbridge.ch/advisory/file_content_disclosure_in_tcms.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_1.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_2.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_3.html http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_tcms_4.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 12:29:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 21:29:44 +0200 Subject: [SEC] [SA41127] Webmatic Cross-Site Request Forgery Vulnerability Message-ID: <201008261929.o7QJTihq022398@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Webmatic Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41127 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41127/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41127 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41127/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41127/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41127 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Webmatic, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges or change the web site content if a logged-in administrative user visits a malicious web site. The vulnerability is confirmed in version 3.0.5. Other versions may also be affected. SOLUTION: Do not browse untrusted sites nor follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22570: http://www.htbridge.ch/advisory/xsrf_csrf_in_webmatic.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 13:29:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 22:29:25 +0200 Subject: [SEC] [SA41147] Auto CMS PHP Code Execution Security Issue Message-ID: <201008262029.o7QKTP65012583@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Auto CMS PHP Code Execution Security Issue SECUNIA ADVISORY ID: SA41147 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41147/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41147 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41147/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41147/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41147 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Eskarina Smith has discovered a vulnerability in Auto CMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "site_name", "site_url", "sitetitle", "admin_email", "index_name_link", "about_name_link", "about_content", "ps_name_link", "ps_content", "news_name_link", "news_content", "contact_name_link", "css_file", "entry_null", "email_thanks_msg", "email_from", "contact_from", "new_email_msg", "no_valid_host", "bad_characters", and "long_email" parameters to index.php is not properly sanitised in core/autocms.php before being saved to data/vars.php. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Eskarina Smith OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 14:23:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 23:23:29 +0200 Subject: [SEC] [SA41103] PKZIP Insecure Library Loading Vulnerability Message-ID: <201008262123.o7QLNTij002485@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PKZIP Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41103 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PKZIP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ZIP file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 12.50.0013. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Findthee Swing OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 14:44:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 26 Aug 2010 23:44:33 +0200 Subject: [SEC] [SA41137] Roxio Media Creator Insecure Library Loading Vulnerability Message-ID: <201008262144.o7QLiXp8023377@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Roxio Media Creator Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41137 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41137/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41137 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41137/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41137/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41137 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Roxio Media Creator, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. homeutils9.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Roxio project file (.roxio) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version Roxio Creator 9 Home version 9.0.136 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: storm ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14768 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 15:11:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 00:11:34 +0200 Subject: [SEC] [SA41125] Cisco Packet Tracer Insecure Library Loading Vulnerability Message-ID: <201008262211.o7QMBY7g012201@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Cisco Packet Tracer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41125 RELEASE DATE: 2010-08-26 DISCUSS ADVISORY: http://secunia.com/advisories/41125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Packet Tracer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PKT file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions 5.1 and 5.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: CCNA ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14774 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 15:46:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 00:46:02 +0200 Subject: [SEC] [SA41131] IZArc Insecure Library Loading Vulnerability Message-ID: <201008262246.o7QMk2e5001180@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IZArc Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41131 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in IZArc, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. ztv7zdll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an ARJ file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 4.1.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 16:12:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 01:12:42 +0200 Subject: [SEC] [SA41162] Mihalism Multi Host "return" Cross-Site Scripting Vulnerability Message-ID: <201008262312.o7QNCggn022363@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mihalism Multi Host "return" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41162 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41162/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41162 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41162/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41162/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41162 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Mihalism Multi Host, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "return" parameter to users.php (when "act" is set to "register") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 5.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: XSS IsGhay ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0314.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 16:45:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 01:45:58 +0200 Subject: [SEC] [SA41013] Autodesk Design Review Insecure Library Loading Vulnerability Message-ID: <201008262345.o7QNjwHw011352@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Autodesk Design Review Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41013 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41013/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41013 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41013/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41013/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41013 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Autodesk Design Review, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll, whiptk_wt.7.12.601.dll, xaml_wt.7.6.0.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a DWF file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2011 11.0.0.86 and also reported in version 2010. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Findthee Swing Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 17:11:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 02:11:52 +0200 Subject: [SEC] [SA41151] Mozilla Thunderbird Insecure Library Loading Vulnerability Message-ID: <201008270011.o7R0BqHP032412@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41151 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41151/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41151 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41151/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41151/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41151 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an EML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.1.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: h4ck3r#47 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14783/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 17:44:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 02:44:40 +0200 Subject: [SEC] [SA41092] RealPlayer Insecure Library Loading Vulnerability Message-ID: <201008270044.o7R0ieco021398@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RealPlayer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41092 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41092/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41092 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41092/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41092/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41092 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in RealPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. rio500.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an AVI file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in RealPlayer SP version 1.1.5 (12.0.0.879) for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Taeho Kwon and Zhendong Su ORIGINAL ADVISORY: http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 18:10:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 03:10:07 +0200 Subject: [SEC] [SA41118] Adobe Device Central Insecure Library Loading Vulnerability Message-ID: <201008270110.o7R1A70b010037@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Adobe Device Central Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41118 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41118/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41118 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41118/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41118/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41118 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Device Central, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. QTCF.DLL) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Adobe Device Central Project file (.adcp) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Adobe Device Central CS5 version 3.0.1.0 (3027) for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Glafkos Charalambous ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14755/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 18:23:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 03:23:32 +0200 Subject: [SEC] [SA41122] Microsoft Windows Backup Insecure Library Loading Vulnerability Message-ID: <201008270123.o7R1NWEG030528@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Backup Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41122 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41122/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41122 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41122/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41122/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41122 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Microsoft Windows Backup application (sdclt.exe) loading libraries (e.g. fveapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a WBCAT file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in a fully patched Windows Vista Business SP1 with sdclt.exe version 6.0.6001.18000. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Beenu Arora OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 18:44:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 03:44:24 +0200 Subject: [SEC] [SA41163] HP-UX Software Distributor Privilege Escalation Vulnerability Message-ID: <201008270144.o7R1iOdO018976@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP-UX Software Distributor Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA41163 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41163/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41163 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41163/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41163/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41163 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error. No more information is currently available. The vulnerability is reported in HP-UX B.11.11, B.11.23, and B.11.31 running Software Distributor. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBUX02552 SSRT100062: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02285980 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 19:14:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 04:14:01 +0200 Subject: [SEC] [SA41159] SSSD LDAP Unauthenticated Bind Security Bypass Security Issue Message-ID: <201008270214.o7R2E1s9008296@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SSSD LDAP Unauthenticated Bind Security Bypass Security Issue SECUNIA ADVISORY ID: SA41159 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41159/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41159 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41159/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41159/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41159 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in SSSD, which can be exploited by malicious people to bypass certain security restrictions. The security issue exists when performing authentication with an LDAP server through a service that utilizes pam_authenticate. This can be exploited to login as an arbitrary user by providing an empty password. Successful exploitation requires the LDAP server to allow unauthenticated binds. The security issue is reported in version 1.3.0. Other versions may also be affected. SOLUTION: Fixed in the Trac repository. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ted Brunell. ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2940 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 19:44:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 04:44:21 +0200 Subject: [SEC] [SA41100] Cisco Unified Communications Manager Two Denial of Service Vulnerabilities Message-ID: <201008270244.o7R2iLiK029544@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41100 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41100/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41100 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41100/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41100/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41100 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the SIP implementation can be exploited to terminate a critical process and disrupt voice services via specially crafted SIP messages. 2) Another error in the SIP implementation can be exploited to terminate a critical process and disrupt voice services via specially crafted SIP messages. Please see the vendor's advisory for details on affected versions. SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: cisco-sa-20100825-cucm: http://www.cisco.com/warp/public/707/cisco-sa-20100825-cucm.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 20:09:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 05:09:21 +0200 Subject: [SEC] [SA41084] Mihalism Multi Host "album_title" PHP Code Injection Message-ID: <201008270309.o7R39L9F018173@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mihalism Multi Host "album_title" PHP Code Injection SECUNIA ADVISORY ID: SA41084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41084 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mihalism Multi Host, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the "album_title" parameter to users.php (when "act" is set to "albums-c-d") is not properly sanitised before being used in e.g. source/public_html/users.tpl or source/public_html/admin/admin.tpl. This can be exploited to inject and execute arbitrary PHP code. The vulnerability is reported in versions 5.0.2 and prior. SOLUTION: The vendor has released an updated version 5.0.2, which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 20:23:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 05:23:35 +0200 Subject: [SEC] [SA41140] Trend Micro Internet Security Pro 2010 ActiveX Control Vulnerability Message-ID: <201008270323.o7R3NZmd006308@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Trend Micro Internet Security Pro 2010 ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA41140 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41140/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41140 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41140/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41140/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41140 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Trend Micro Internet Security Pro 2010, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "extSetOwner()" method of the UfProxyBrowserCtrl ActiveX control (UfPBCtrl.dll) not validating the value passed via the "varOwner" argument and using it as a pointer. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply hotfix (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod, reported via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-165/ Trend Micro: http://esupport.trendmicro.com/pages/Hot-Fix-UfPBCtrldll-is-vulnerable-to-remote-attackers.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 20:44:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 05:44:33 +0200 Subject: [SEC] [SA41070] Cisco Unified Presence Two Denial of Service Vulnerabilities Message-ID: <201008270344.o7R3iXlZ027148@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Cisco Unified Presence Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41070 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41070 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41070/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41070/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41070 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Cisco Unified Presence, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the SIP implementation can be exploited to terminate a critical process and disrupt presence services via specially crafted SIP messages. 2) Another error in the SIP implementation can be exploited to terminate a critical process and disrupt presence services via specially crafted SIP messages. The vulnerabilities are reported in versions prior to 6.0(7) and 7.0(8). SOLUTION: Update to version 6.0(7) or 7.0(8). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: cisco-sa-20100825-cup: http://www.cisco.com/warp/public/707/cisco-sa-20100825-cup.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 21:09:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 06:09:55 +0200 Subject: [SEC] [SA41136] Microsoft Windows Progman Group Converter Insecure Library Loading Message-ID: <201008270409.o7R49tLS015788@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Progman Group Converter Insecure Library Loading SECUNIA ADVISORY ID: SA41136 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41136/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41136 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41136/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41136/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41136 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Windows Progman Group Converter (grpconv.exe) loading libraries (e.g. imm.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a GRP file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in a fully patched Windows XP SP3 and Windows Server 2003 R2 Enterprise SP2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Alvaro Ovalle and Beenu Arora ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14758/ http://www.exploit-db.com/exploits/14770/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 21:23:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 06:23:40 +0200 Subject: [SEC] [SA41134] Adobe Illustrator Insecure Library Loading Vulnerability Message-ID: <201008270423.o7R4NePK003888@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Adobe Illustrator Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41134 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41134/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41134 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41134/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41134/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41134 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Illustrator, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll or System\enu_us\AIRes.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Adobe Illustrator Template (.ait) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in Adobe Illustrator CS4 and confirmed in Adobe Illustrator CS5 version 15.0.1 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Glafkos Charalambous ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14773/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 21:44:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 06:44:36 +0200 Subject: [SEC] [SA41093] Winamp Insecure Library Loading Vulnerability Message-ID: <201008270444.o7R4ia8L024729@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Winamp Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41093 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41093/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41093 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41093/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41093/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41093 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Winamp, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an ASX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.581. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Taeho Kwon and Zhendong Su ORIGINAL ADVISORY: http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Aug 26 22:09:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 07:09:31 +0200 Subject: [SEC] [SA41166] NetBSD CODA Filesystem Kernel Memory Information Disclosure Vulnerability Message-ID: <201008270509.o7R59V0J013356@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: NetBSD CODA Filesystem Kernel Memory Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA41166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41166 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dan Rosenberg has reported a vulnerability in NetBSD, which can be exploited by malicious, local users to disclose system information. The vulnerability is caused due to a signedness error in the CODA filesystem kernel module when handling the size members of the ViceIoctl structure and can be exploited to read kernel memory. The vulnerability is reported in the following versions: * NetBSD-current prior to July 20, 2010 * NetBSD 5.0.2 * NetBSD 5.0.1 * NetBSD 5.0 * NetBSD 4.0.1 * NetBSD 4.0 SOLUTION: Fixed in the CVS repository. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: NetBSD: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-006.txt.asc Dan Rosenberg: http://www.vsecurity.com/advisory/20100816-1.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 10:29:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 19:29:50 +0200 Subject: [SEC] [SA41148] CorelDRAW Graphics Suite Insecure Library Loading Vulnerability Message-ID: <201008271729.o7RHToJX019801@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: CorelDRAW Graphics Suite Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41148 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41148/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41148 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41148/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41148/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41148 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CorelDRAW Graphics Suite, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the CorelDRAW and Corel PHOTO-PAINT applications loading libraries (e.g. dwmapi.dll, CrlRib.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening CDR or CPT files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version X5 15.1.0.588 and also reported in X3 13.0.0.576. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4953.php http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4954.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 11:29:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 20:29:34 +0200 Subject: [SEC] [SA41150] BugTracker.NET Custom Field SQL Injection Vulnerability Message-ID: <201008271829.o7RITYr1009981@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: BugTracker.NET Custom Field SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41150 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41150/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41150 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41150/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41150/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41150 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mark van Tilburg has reported a vulnerability in BugTracker.NET, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the custom field parameters to search.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 3.4.3. Other versions may also be affected. SOLUTION: Update to version 3.4.4. PROVIDED AND/OR DISCOVERED BY: Mark van Tilburg ORIGINAL ADVISORY: BugTracker.NET: http://sourceforge.net/projects/btnet/files/btnet_3_4_4_release_notes.txt/view Mark van Tilburg: http://archives.neohapsis.com/archives/bugtraq/2010-08/0340.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 12:29:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 21:29:58 +0200 Subject: [SEC] [SA41173] IBM WebSphere Application Server Web Services Time Stamp Security Issue Message-ID: <201008271929.o7RJTw0d032618@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server Web Services Time Stamp Security Issue SECUNIA ADVISORY ID: SA41173 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41173/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41173 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41173/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41173/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41173 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue with an unknown impact has been reported in IBM WebSphere Application Server. The security issue is caused due to an unspecified error when Java API for XML Web Services (JAX-WS) application with the WS-Security policy specifies a Time Stamp value. No further information is currently available. The security issue is reported in the following products: * IBM WebSphere Application Server 7.0 through 7.0.0.11 * IBM WebSphere Application Server Feature Pack for Web Services 6.1.0.9 through 6.1.0.32. SOLUTION: Apply interim fixes (please see the vendor's advisory for details) or Fix Pack 33 (6.1.0.33) and Fix Pack 13 (7.0.0.13) when they become available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM16014, PM08360): http://www-01.ibm.com/support/docview.wss?uid=swg21443736 http://www-01.ibm.com/support/docview.wss?uid=swg24027708 http://www-01.ibm.com/support/docview.wss?uid=swg24027709 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 13:29:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 22:29:40 +0200 Subject: [SEC] [SA41108] DivX Plus Player Insecure Library Loading Vulnerability Message-ID: <201008272029.o7RKTe1j022796@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: DivX Plus Player Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41108 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41108/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41108 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41108/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41108/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41108 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in DivX Plus Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. VersionCheckDLL.dll in version 7, import\Qt\win32vs05\all\bin\ssleay32.dll in version 8) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an AVI file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.2.019 and 8.1.0. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia ORIGINAL ADVISORY: Secunia blog: http://secunia.com/blog/120/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 14:23:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 23:23:34 +0200 Subject: [SEC] [SA41138] Prometeo CMS "ID" SQL Injection Vulnerability Message-ID: <201008272123.o7RLNYjR012717@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Prometeo CMS "ID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41138 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41138/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41138 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41138/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41138/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41138 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Prometeo CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "ID" parameter to categoria.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0.65. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Network Security OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 14:44:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 27 Aug 2010 23:44:40 +0200 Subject: [SEC] [SA41132] Fedora update for kdegraphics Message-ID: <201008272144.o7RLieI5001107@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for kdegraphics SECUNIA ADVISORY ID: SA41132 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41132/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41132 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41132/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41132/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41132 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kdegraphics. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA40952 SOLUTION: Apply updated packages using the yum utility ("yum update kdegraphics"). ORIGINAL ADVISORY: FEDORA-2010-13661: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046542.html FEDORA-2010-13629: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046524.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 15:11:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 00:11:45 +0200 Subject: [SEC] [SA41161] Joomla! / Mambo Remository Component Arbitrary File Upload Vulnerability Message-ID: <201008272211.o7RMBjqr022384@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! / Mambo Remository Component Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA41161 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41161/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41161 RELEASE DATE: 2010-08-27 DISCUSS ADVISORY: http://secunia.com/advisories/41161/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41161/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41161 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Remository component for Joomla! / Mambo, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in application when uploading thumbnails, which allows uploading of files with arbitrary extensions to a folder inside the webroot. This can be exploited to e.g. execute arbitrary PHP code by uploading a PHP file. NOTE: The stored file name is based on the original file name and a time stamp, which is predictable. The vulnerability is confirmed in version 3.53.5J on Joomla!. Other versions may also be affected. SOLUTION: Restrict access to the "components/com_remository_files" directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: J3yk0ob OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 15:46:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 00:46:14 +0200 Subject: [SEC] [SA41174] CyberLink Power2Go Insecure Library Loading Vulnerability Message-ID: <201008272246.o7RMkE1O011441@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: CyberLink Power2Go Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41174 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41174/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41174 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41174/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41174/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41174 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CyberLink Power2Go, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll, MFC71LOC.DLL) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a P2G file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 6 and confirmed in version 7.0.0.0816. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: "exploit dev" ORIGINAL ADVISORY: http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 16:13:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 01:13:19 +0200 Subject: [SEC] [SA41142] CyberLink PowerDirector Insecure Library Loading Vulnerability Message-ID: <201008272313.o7RNDJVE032548@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: CyberLink PowerDirector Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41142 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41142/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41142 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41142/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41142/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41142 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CyberLink PowerDirector, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll in version 8 and reportedly e.g. mfc71loc.dll in version 7) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PowerDirector library (.pdl) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in CyberLink PowerDirector 7 and confirmed in PowerDirector 8 version 8.00.3022. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: "exploit dev" ORIGINAL ADVISORY: http://extraexploit.blogspot.com/2010/08/dll-hijacking-my-test-cases-on-default.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 16:46:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 01:46:06 +0200 Subject: [SEC] [SA41139] Red Hat update for gdm Message-ID: <201008272346.o7RNk64J021532@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for gdm SECUNIA ADVISORY ID: SA41139 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41139/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41139 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41139/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41139/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41139 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for gdm. This fixes a security issue, which can be exploited by malicious people to potentially bypass certain security restrictions. The problem is that the gdm package is built without TCP wrappers support, which could result in improper access restrictions being imposed. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0657-1: https://rhn.redhat.com/errata/RHSA-2010-0657.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 17:12:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 02:12:11 +0200 Subject: [SEC] [SA41156] Autodesk AutoCAD Insecure Library Loading Vulnerability Message-ID: <201008280012.o7S0CBT6010211@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Autodesk AutoCAD Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41156 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41156/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41156 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41156/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41156/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41156 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Autodesk AutoCAD, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll, IBFS32.DLL) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a DWG file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2010. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Findthee Swing Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 17:44:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 02:44:28 +0200 Subject: [SEC] [SA41155] hinnendahl Kontakt Formular "script_pfad" Local File Inclusion Vulnerability Message-ID: <201008280044.o7S0iSug031551@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: hinnendahl Kontakt Formular "script_pfad" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41155 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41155/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41155 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41155/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41155/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41155 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in hinnendahl Kontakt Formular, which can be exploited by malicious people to disclose sensitive information. Input passed via the "script_pfad" parameter to kontaktformular/formmailer.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled an "register_globals" is enabled. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: bd0rk OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 18:09:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 03:09:30 +0200 Subject: [SEC] [SA41160] hinnendahl CMS & News Script light "script_pfad" File Inclusion Vulnerability Message-ID: <201008280109.o7S19U3o020177@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: hinnendahl CMS & News Script light "script_pfad" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41160 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41160/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41160 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41160/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41160/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41160 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in hinnendahl CMS & News Script light, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "script_pfad" parameter in news_system/news_base.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: bd0rk OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 18:23:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 03:23:22 +0200 Subject: [SEC] [SA41154] RealPlayer Multiple Vulnerabilities Message-ID: <201008280123.o7S1NMs3008289@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41154 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41154/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41154 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41154/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41154/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41154 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer, where one has an unknown impact and others can be exploited by malicious people to access files or compromise a user's system. For more information: SA41096 1) An array-indexing error in the parsing of IVR data headers can be exploited to dereference memory outside the bounds of an array as an object pointer. 2) An error in a RealPlayer ActiveX control allows unauthorised file access. The vulnerabilities are reported in version 11.1 and prior. SOLUTION: Upgrade to RealPlayer SP version 1.1.5. PROVIDED AND/OR DISCOVERED BY: 1) An anonymous person via ZDI. 2) The vendor credits Behrang Fouladi, SensePost. ORIGINAL ADVISORY: RealNetworks: http://service.real.com/realplayer/security/08262010_player/en/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-166/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 18:44:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 03:44:28 +0200 Subject: [SEC] [SA41128] Fedora update for bugzilla Message-ID: <201008280144.o7S1iSce029131@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for bugzilla SECUNIA ADVISORY ID: SA41128 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41128/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41128 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41128/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41128/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41128 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bugzilla. This fixes multiple weaknesses and a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information. For more information: SA40892 SOLUTION: Apply updated packages using the yum utility ("yum update bugzilla"). ORIGINAL ADVISORY: FEDORA-2010-13072: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.html FEDORA-2010-13086: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 19:15:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 04:15:02 +0200 Subject: [SEC] [SA41096] RealPlayer SP Multiple Vulnerabilities Message-ID: <201008280215.o7S2F2Gb018500@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RealPlayer SP Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41096 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41096/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41096 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41096/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41096/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41096 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer, where one has an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) An integer overflow error in the parsing of QCP files can be exploited to cause a heap-based buffer overflow via a specially crafted file. 2) An error in the processing of dimensions in the YUV420 transformation of content can be exploited to corrupt memory via a specially crafted file. 3) A boundary error in the parsing of QCP audio content can be exploited to cause a heap-based buffer via specially crafted files containing certain overly large size values. 4) Two integer overflow errors in the "ParseKnownType()" function when handling the "HX_FLV_META_AMF_TYPE_MIXEDARRAY" and "HX_FLV_META_AMF_TYPE_ARRAY" data types can be exploited to corrupt memory via specially crafted FLV files. 5) An unspecified error exists in the RealPlayer ActiveX IE Plugin when opening multiple browser windows. The vulnerabilities are reported in version 1.1.4 and prior. SOLUTION: Update to RealPlayer SP version 1.1.5. PROVIDED AND/OR DISCOVERED BY: 1) Alin Rad Pop, Secunia Research. 2, 3) Carsten Eiram, Secunia Research. 4) Sebastian Apelt, siberas via ZDI. 5) The vendor credits Steve Manzuik, Microsoft Vulnerability Research (MSVR). ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-3/ http://secunia.com/secunia_research/2010-5/ http://secunia.com/secunia_research/2010-8/ RealNetworks: http://service.real.com/realplayer/security/08262010_player/en/ http://realnetworksblog.com/?p=1918 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-167/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 19:44:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 04:44:30 +0200 Subject: [SEC] [SA41172] Drupal BlastChat Client Module "Itemid" Cross-Site Scripting Vulnerability Message-ID: <201008280244.o7S2iUMb007321@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Drupal BlastChat Client Module "Itemid" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41172 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41172/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41172 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41172/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41172/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41172 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the BlastChat Client module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "Itemid" to index.php when using the BlastChat Client module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.2. SOLUTION: Update to version 1.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Originally reported in the BlastChat Client module for Joomla! / Mambo by Aung Khant. ORIGINAL ADVISORY: Aung Khant: http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_blastchatc%5D_cross_site_scripting OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 20:09:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 05:09:18 +0200 Subject: [SEC] [SA41171] SUSE update for Multiple Packages Message-ID: <201008280309.o7S39IFW028328@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA41171 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41171/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41171 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41171/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41171/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41171 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), compromise an application using the library, and potentially compromise a vulnerable system. For more information: SA40049 SA40120 SA40586 SA40639 SA40816 SA40991 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:016: http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 20:23:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 05:23:25 +0200 Subject: [SEC] [SA41141] Hycus CMS Cross-Site Request Forgery Vulnerability Message-ID: <201008280323.o7S3NP9s016454@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hycus CMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41141 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41141/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41141 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41141/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41141/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41141 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Hycus CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests, without making proper validity checks to verify the requests. This can be exploited to e.g. add an administrative user, or change an administrative user account details by tricking a logged-in administrative user into visiting a malicious web site. The vulnerability is confirmed in version 1.0.1. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites nor follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: 10n1z3d OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 20:44:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 05:44:22 +0200 Subject: [SEC] [SA41086] Ubuntu update for kdegraphics Message-ID: <201008280344.o7S3iMuY004882@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for kdegraphics SECUNIA ADVISORY ID: SA41086 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41086/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41086 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41086/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41086/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41086 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for kdegraphics. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA40952 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-979-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001147.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 21:09:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 06:09:46 +0200 Subject: [SA41157] PHP Gästebuch Script "script_pfad" Local File Inclusion Vulnerability Message-ID: <201008280409.o7S49kPu025941@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PHP G?stebuch Script "script_pfad" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41157 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41157/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41157 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41157/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41157/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41157 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PHP G?stebuch Script, which can be exploited by malicious people to disclose sensitive information. Input passed via the "script_pfad" parameter to guestbook/gbook.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled and "register_globals" is enabled. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: bd0rk OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 21:23:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 06:23:21 +0200 Subject: [SEC] [SA41146] DAEMON Tools Insecure Library Loading Vulnerability Message-ID: <201008280423.o7S4NLcc014051@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: DAEMON Tools Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41146 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in DAEMON Tools, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. mfc80loc.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a MDS file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in DAEMON Tools Lite (free license) version 4.35.6.0091 and DAEMON Tools Pro Standard Edition (trial license) version 4.36.0309.0160. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mohamed Clay ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14791/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 21:43:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 06:43:54 +0200 Subject: [SEC] [SA41129] Joomla! / Mambo BlastChat Client Component "Itemid" Cross-Site Scripting Vulnerability Message-ID: <201008280443.o7S4hs1q002401@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! / Mambo BlastChat Client Component "Itemid" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41129 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Aung Khant has reported a vulnerability in the BlastChat Client component for Joomla! / Mambo, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "Itemid" parameter to index.php (when "option" is set to "com_blastchatc") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 3.4. SOLUTION: Update to version 3.4. PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group. ORIGINAL ADVISORY: Aung Khant: http://yehg.net/lab/pr0js/advisories/joomla/%5Bcom_blastchatc%5D_cross_site_scripting OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Aug 27 22:09:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 07:09:07 +0200 Subject: [SEC] [SA41117] Ubuntu update for tomcat6 Message-ID: <201008280509.o7S597iR023505@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for tomcat6 SECUNIA ADVISORY ID: SA41117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41117/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41117 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41117/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41117/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41117 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for tomcat6. This fixes a vulnerability, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service). For more information: SA39574 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-976-1: http://www.ubuntu.com/usn/usn-976-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 10:29:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 19:29:23 +0200 Subject: [SEC] [SA41114] Microsoft Windows Indeo Filter Insecure Library Loading Vulnerability Message-ID: <201008281729.o7SHTNFA011951@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Indeo Filter Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41114 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41114/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41114 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41114/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41114/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41114 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Indeo filter (iac25_32.ax) loading libraries (e.g. iacenc.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an AVI file located on a remote WebDAV or SMB share via an application using the filter (e.g. BS.Player or Media Player Classic). Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in a fully patched Windows XP SP3 including iac25_32.ax version 2.0.5.53. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported in Media Player Classic by Gjoko Krstic. Additional information provided by Secunia Research. ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 11:29:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 20:29:35 +0200 Subject: [SEC] [SA41165] Fedora update for mapserver Message-ID: <201008281829.o7SITZvf002095@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for mapserver SECUNIA ADVISORY ID: SA41165 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41165/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41165 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41165/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41165/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41165 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mapserver. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA40790 SOLUTION: Apply updated packages via the yum utility ("yum update mapserver"). ORIGINAL ADVISORY: FEDORA-2010-12266: https://admin.fedoraproject.org/updates/mapserver-5.6.5-1.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 12:28:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 21:28:59 +0200 Subject: [SEC] [SA41102] Ubuntu update for python-moin Message-ID: <201008281928.o7SJSx4d024704@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for python-moin SECUNIA ADVISORY ID: SA41102 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41102/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41102 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41102/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41102/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41102 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for python-moin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA40043 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-977-1: http://www.ubuntu.com/usn/usn-977-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 13:29:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 22:29:17 +0200 Subject: [SEC] [SA41126] Adobe InDesign Insecure Library Loading Vulnerability Message-ID: <201008282029.o7SKTHvl014927@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Adobe InDesign Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41126 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41126/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41126 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41126/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41126/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41126 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe InDesign, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll in CS5 and reportedly ibfs32.dll in CS4) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an Adobe InDesign Template (.indt) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in Adobe InDesign CS4 and confirmed in Adobe InDesign CS5 version 7.0.2 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Glafkos Charalambous ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14775/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 14:23:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 23:23:30 +0200 Subject: [SEC] [SA40928] phpBugTracker SQL Injection and Arbitrary File Upload Vulnerabilities Message-ID: <201008282123.o7SLNUoi004844@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: phpBugTracker SQL Injection and Arbitrary File Upload Vulnerabilities SECUNIA ADVISORY ID: SA40928 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40928/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40928 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/40928/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40928/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40928 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in phpBugTracker, which can be exploited by malicious users to conduct SQL injection attacks and compromise a vulnerable system. 1) Input passed via the "bugid" parameter to attachment.php when uploading a file is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) The "add_attachment()" function in attachment.php allows upload of files with arbitrary extensions to a folder inside the web root. This can be exploited to execute arbitrary PHP code by uploading a PHP file. Successful exploitation of the vulnerabilities requires "Developer" permissions. The vulnerabilities are confirmed in version 1.0.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to the "attachments/" directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-107/ http://secunia.com/secunia_research/2010-108/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 14:44:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 28 Aug 2010 23:44:26 +0200 Subject: [SEC] [SA41060] Adobe Photoshop Insecure Library Loading Vulnerability Message-ID: <201008282144.o7SLiQ3s025675@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Adobe Photoshop Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41060 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41060/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41060 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41060/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41060/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41060 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe PhotoShop, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PSD file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in CS4 and CS5 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Thierry Zoller ORIGINAL ADVISORY: Thierry Zoller: http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 15:11:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 29 Aug 2010 00:11:19 +0200 Subject: [SEC] [SA41090] Squid Long DNS Replies Denial of Service Vulnerability Message-ID: <201008282211.o7SMBJXG014490@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Squid Long DNS Replies Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41090 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41090 RELEASE DATE: 2010-08-28 DISCUSS ADVISORY: http://secunia.com/advisories/41090/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41090/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41090 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a logic error when receiving long DNS replies, which can be exploited to trigger an assertion error by returning a long DNS reply to a Squid server with no IPv6 resolver configured. The vulnerability is reported in version 3.1.5.1 and 3.1.6. Prior versions may also be affected. SOLUTION: Update to version 3.1.7. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Stephen Thorne ORIGINAL ADVISORY: Squid 3.1.7 Announcement: http://marc.info/?l=squid-users&m=128263555724981&w=2 Squid Bug #3021: http://bugs.squid-cache.org/show_bug.cgi?id=3021 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 15:45:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 29 Aug 2010 00:45:55 +0200 Subject: [SEC] [SA41064] Wireshark Insecure Library Loading Vulnerability Message-ID: <201008282245.o7SMjtSC003513@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Wireshark Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41064 RELEASE DATE: 2010-08-29 DISCUSS ADVISORY: http://secunia.com/advisories/41064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. airpcap.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a pcap file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.2.10 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: TheLeader ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14721/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 16:12:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 29 Aug 2010 01:12:48 +0200 Subject: [SEC] [SA41099] Fedora update for zabbix Message-ID: <201008282312.o7SNCmnN024627@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for zabbix SECUNIA ADVISORY ID: SA41099 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41099/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41099 RELEASE DATE: 2010-08-29 DISCUSS ADVISORY: http://secunia.com/advisories/41099/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41099/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41099 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for zabbix. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA40679 SOLUTION: Apply updated packages using the yum utility ("yum update zabbix"). ORIGINAL ADVISORY: FEDORA-2010-12752: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046316.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 16:45:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 29 Aug 2010 01:45:20 +0200 Subject: [SEC] [SA41087] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities Message-ID: <201008282345.o7SNjKRH013587@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41087 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41087/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41087 RELEASE DATE: 2010-08-29 DISCUSS ADVISORY: http://secunia.com/advisories/41087/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41087/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41087 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities. 1) A boundary error in Apple Type Services when handling embedded fonts can be exploited to cause a stack-based buffer overflow via a document containing a specially crafted embedded font. Successful exploitation of this vulnerability may allow execution of arbitrary code. 2) The CFNetwork component allows anonymous TLS/SSL connections, which via MitM (Man-in-the-Middle) attacks can be exploited to redirect connections and intercept sensitive information. 3) Various vulnerabilities in ClamAV can be exploited by malicious people to bypass the scanning functionality or potentially compromise a vulnerable system. For more information: SA39329 4) An error in the CoreGraphics component within the "JBIG2Stream::readSymbolDictSeg()" method when processing the JBIG2 structure can be exploited to cause a heap-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. 5) An error in the libsecurity component when handling certificate host names containing three or more components causes the last characters to not be properly compared making it possible to conduct spoofing attacks. 6) An error in the PHP libpng library can be exploited by malicious people to potentially compromise a vulnerable system. For more information see vulnerability #1: SA40302 7) Multiple vulnerabilities exist in the bundled version of PHP. For more information: SA38708 SA40268 SA39675 8) A vulnerability in Samba can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA40145 SOLUTION: Apply Security Update 2010-005. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 4) Rodrigo Rubira Branco, Check Point Vulnerability Discovery Team (VDT). The vendor also credits: 2) Aaron Sigel of vtty.com, Jean-Luc Giraud of Citrix, Tomas Bjurman of Sirius IT, and Wan-Teh Chang of Google. 5) Peter Speck. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4312 Rodrigo Rubira Branco: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0315.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Aug 28 17:11:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 29 Aug 2010 02:11:52 +0200 Subject: [SEC] [SA41051] uTorrent Insecure Library Loading Vulnerability Message-ID: <201008290011.o7T0BqNM002224@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: uTorrent Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41051 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41051/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41051 RELEASE DATE: 2010-08-29 DISCUSS ADVISORY: http://secunia.com/advisories/41051/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41051/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41051 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in uTorrent, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. plugin_dll.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a torrent file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.0.3 for Windows. Other versions may also be affected. SOLUTION: Update to version 2.0.4. PROVIDED AND/OR DISCOVERED BY: TheLeader ORIGINAL ADVISORY: uTorrent: http://forum.utorrent.com/viewtopic.php?id=82840 TheLeader: http://www.exploit-db.com/exploits/14726 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 10:27:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 30 Aug 2010 19:27:45 +0200 Subject: [SEC] [SA41144] SnackAmp Music Player SMP/WAV File Processing Buffer Overflows Message-ID: <201008301727.o7UHRjJR004733@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SnackAmp Music Player SMP/WAV File Processing Buffer Overflows SECUNIA ADVISORY ID: SA41144 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41144/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41144 RELEASE DATE: 2010-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/41144/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41144/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41144 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in SnackAmp Music Player, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when parsing SMP files can be exploited to cause a stack-based buffer overflow via a specially crafted file. 2) A boundary error when parsing WAV files can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 3.1.2. Other versions may also be affected. SOLUTION: Do not open untrusted SMP and WAV files. PROVIDED AND/OR DISCOVERED BY: James Fitts ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14831/ http://www.exploit-db.com/exploits/14832/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 11:27:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 30 Aug 2010 20:27:42 +0200 Subject: [SEC] [SA41229] CDisplay Insecure Library Loading Vulnerability Message-ID: <201008301827.o7UIRggt027358@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: CDisplay Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41229 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41229/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41229 RELEASE DATE: 2010-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/41229/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41229/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41229 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CDisplay, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. TRACE32.DLL) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a CBA file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.8.1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 12:27:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 30 Aug 2010 21:27:37 +0200 Subject: [SEC] [SA41212] MS Visual Studio Insecure Library Loading Vulnerability Message-ID: <201008301927.o7UJRbej017559@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: MS Visual Studio Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41212 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41212/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41212 RELEASE DATE: 2010-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/41212/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41212/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41212 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Visual Studio, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to ATL MFC Trace Tool (AtlTraceTool8.exe) loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a TRC file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 10.0.30319.1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 13:27:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 30 Aug 2010 22:27:35 +0200 Subject: [SEC] [SA41169] Seagull PHP Framework "frmQuestion" SQL Injection Vulnerability Message-ID: <201008302027.o7UKRZJH007768@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Seagull PHP Framework "frmQuestion" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41169 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41169/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41169 RELEASE DATE: 2010-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/41169/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41169/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41169 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Seagull PHP Framework, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "frmQuestion" parameter to index.php/user/password (when "action" is set to "retrieve") is not properly sanitised before being used in SQL queries in the "_cmd_retrieve()" function in modules/user/classes/PasswordMgr.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 0.6.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sweet OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 14:21:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 30 Aug 2010 23:21:41 +0200 Subject: [SEC] [SA41232] Adobe Audition Insecure Library Loading Vulnerability Message-ID: <201008302121.o7ULLfb3030094@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Adobe Audition Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41232 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41232/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41232 RELEASE DATE: 2010-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/41232/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41232/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41232 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Audition, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. Assist.Dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an Adobe Audition session (.ses) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.0 build 7283.0 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 14:42:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 30 Aug 2010 23:42:40 +0200 Subject: [SEC] [SA41177] LEADTOOLS LEAD RasterTwain ActiveX Control "AppName" Property Buffer Overflow Message-ID: <201008302142.o7ULge5P018537@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: LEADTOOLS LEAD RasterTwain ActiveX Control "AppName" Property Buffer Overflow SECUNIA ADVISORY ID: SA41177 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41177/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41177 RELEASE DATE: 2010-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/41177/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41177/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41177 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in LEADTOOLS LEAD RasterTwain ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in LtocxTwainu.dll when handling the value assigned to the "AppName" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 16.5. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic ORIGINAL ADVISORY: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4960.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 15:02:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 00:02:10 +0200 Subject: [SEC] [SA41158] EncFS Multiple Weaknesses Message-ID: <201008302202.o7UM2ATm007025@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: EncFS Multiple Weaknesses SECUNIA ADVISORY ID: SA41158 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41158/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41158 RELEASE DATE: 2010-08-30 DISCUSS ADVISORY: http://secunia.com/advisories/41158/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41158/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41158 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Micha Riser has reported some weaknesses in EncFS, which can be exploited by malicious people to bypass certain security features. 1) The application uses only 4 bytes as initialisation vector although 8 bytes are intended, which can lead to e.g. lower cryptographic security than expected. 2) The application does not properly protect against "watermarking" attacks when using the CBC mode, which can be exploited to e.g. determine if a specially crafted file has been stored. 3) When using CFB cipher mode, cipher blocks containing a single byte can disclose certain information about the file content to the attacker. The weaknesses are reported in versions prior to 1.7. Other versions may also be affected. SOLUTION: Update to version 1.7, which fixes weaknesses #1 and #2 by using a different initialisation vector setup code for new file systems. Use the "MAC block headers" or "MAC random bytes" options to mitigate the CFB cipher mode attacks. PROVIDED AND/OR DISCOVERED BY: Micha Riser ORIGINAL ADVISORY: Micha Riser: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0316.html EncFS: http://www.arg0.net/encfs#TOC-Change-Log OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 15:25:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 00:25:25 +0200 Subject: [SEC] [SA41145] Mereo HTTP Request Handling Denial of Service Vulnerability Message-ID: <201008302225.o7UMPP77027963@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mereo HTTP Request Handling Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41145 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41145/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41145 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41145/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41145/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41145 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Mereo, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling HTTP requests and can be exploited to crash the process (mereo.exe) via specially crafted web requests. The vulnerability is confirmed in version 1.9.2. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: CwG GeNiuS ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14840/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 15:45:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 00:45:44 +0200 Subject: [SEC] [SA41153] Red Hat update for httpd Message-ID: <201008302245.o7UMjiBd016386@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for httpd SECUNIA ADVISORY ID: SA41153 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41153/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41153 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41153/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41153/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41153 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for httpd. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). For more information: SA31384 SA40206 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0659-1: https://rhn.redhat.com/errata/RHSA-2010-0659.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 16:12:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 01:12:23 +0200 Subject: [SEC] [SA41233] Adobe Captivate Insecure Library Loading Vulnerability Message-ID: <201008302312.o7UNCNo7005076@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Adobe Captivate Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41233 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41233/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41233 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41233/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41233/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41233 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Captivate, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an Adobe Captivate project (.cptx) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.0.0.596 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files PROVIDED AND/OR DISCOVERED BY: Mr Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 16:46:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 01:46:26 +0200 Subject: [SEC] [SA41191] Wiccle Web Builder "post_text" Cross-Site Scripting Vulnerability Message-ID: <201008302346.o7UNkQHB026527@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Wiccle Web Builder "post_text" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41191 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41191/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41191 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41191/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41191/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41191 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Wiccle Web Builder, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "post_text" parameter to ajax.php (when "module" is set to "site" and "tool" is set to "custom_search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: indoushka OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 17:11:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 02:11:46 +0200 Subject: [SEC] [SA41113] GaleriaSHQIP "album_id" SQL Injection Vulnerability Message-ID: <201008310011.o7V0BkVf015168@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: GaleriaSHQIP "album_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41113 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41113 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41113/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41113/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41113 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Valentin Hoebel has discovered a vulnerability in GaleriaSHQIP, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "album_id" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Valentin Hoebel ORIGINAL ADVISORY: Valentin Hoebel: http://www.xenuser.org/documents/security/galeriaSHQIP_sqli.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 17:44:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 02:44:13 +0200 Subject: [SEC] [SA41200] Maxthon Browser Insecure Library Loading Vulnerability Message-ID: <201008310044.o7V0iDni004114@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Maxthon Browser Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41200 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41200/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41200 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41200/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41200/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41200 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Maxthon, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. RSRC32.dll, dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a web page (.html) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in versions 1.6.7.35 and 2.5.15. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 18:09:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 03:09:33 +0200 Subject: [SEC] [SA41236] Qt SSL Certificate IP Address Wildcard Matching Vulnerability Message-ID: <201008310109.o7V19XWi025160@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Qt SSL Certificate IP Address Wildcard Matching Vulnerability SECUNIA ADVISORY ID: SA41236 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41236/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41236 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41236/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41236/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41236 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Qt, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the QSslSocket class incorrectly allowing wildcards when verifying certificates using IP addresses, which can be exploited to conduct spoofing attacks. The vulnerability is reported in version 4.6. Other versions may also be affected. SOLUTION: Fixed in version 4.7.0-rc1. PROVIDED AND/OR DISCOVERED BY: Richard Moore and Simon Ward, Westpoint Limited ORIGINAL ADVISORY: Westpoint Limited: http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt Qt: http://bugreports.qt.nokia.com/browse/QTBUG-4455 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 18:23:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 03:23:10 +0200 Subject: [SEC] [SA41190] Cisco IOS XR Border Gateway Protocol Denial of Service Vulnerability Message-ID: <201008310123.o7V1NAoq013274@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Cisco IOS XR Border Gateway Protocol Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41190 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41190/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41190 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41190/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41190/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41190 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco IOS XR, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the processing of Border Gateway Protocol (BGP) packets and can be exploited to continuously reset BGP peering sessions via a specially crafted peer prefix announcement with an unrecognised attribute. The vulnerability is reported in all Cisco IOS XR Software devices configured with BGP routing. SOLUTION: Reported by the vendor. PROVIDED AND/OR DISCOVERED BY: Apply updates (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 18:44:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 03:44:11 +0200 Subject: [SEC] [SA41199] Serendipity "Remember me" Script Insertion Vulnerability Message-ID: <201008310144.o7V1iBSS001657@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Serendipity "Remember me" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA41199 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41199/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41199 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41199/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41199/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41199 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in Serendipity, which can be exploited by malicious users to conduct script insertion attacks. Input passed via unspecified parameters is not properly sanitised in include/functions_config.inc.php before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the "Remember me" feature to be enabled. The vulnerability is reported in versions prior to 1.5.4. SOLUTION: Update to version 1.5.4. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22595): http://www.htbridge.ch/advisory/xss_vulnerability_in_serendipity.html Serendipity: http://blog.s9y.org/archives/223-Serendipity-1.5.4-released.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 19:14:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 04:14:44 +0200 Subject: [SEC] [SA41235] Debian update for openoffice.org Message-ID: <201008310214.o7V2Ein7023487@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for openoffice.org SECUNIA ADVISORY ID: SA41235 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41235/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41235 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41235/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41235/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41235 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openoffice.org. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA40775 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2099-1: http://lists.debian.org/debian-security-announce/2010/msg00145.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 19:42:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 04:42:48 +0200 Subject: [SEC] [SA41123] QuickTime PictureViewer Insecure Library Loading Vulnerability Message-ID: <201008310242.o7V2gmHs012253@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: QuickTime PictureViewer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41123 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the PictureViewer application loading libraries (e.g. CoreGraphics.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a MacPaint image (.mac) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.6.7 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mr Teatime ORIGINAL ADVISORY: Secunia blog: http://secunia.com/blog/120/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 19:54:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 04:54:44 +0200 Subject: [SEC] [SA41170] CF Image Hosting Script Multiple Vulnerabilities Message-ID: <201008310254.o7V2siAl032667@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: CF Image Hosting Script Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41170 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41170/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41170 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41170/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41170/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41170 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in CF Image Hosting Script, which can be exploited by malicious people to disclose sensitive information. 1) The file "upload/data/settings.cdb" is stored with insecure file permissions inside the web root. This can be exploited to gain knowledge of sensitive information (usernames and hashed passwords) by accessing the file. 2) Input passed via the "lang" parameter to inc/config.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. The vulnerabilities are confirmed in version 1.3.81. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to trusted users only (e.g. via ".htaccess"). PROVIDED AND/OR DISCOVERED BY: 1) Dr.$audi 2) FoX HaCkEr OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 20:07:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 05:07:47 +0200 Subject: [SEC] [SA41218] IBM DB2 Multiple Vulnerabilities Message-ID: <201008310307.o7V37l4G020761@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM DB2 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41218 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41218/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41218 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41218/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41218/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41218 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in IBM DB2, where one has an unknown impact, and others can be exploited by malicious, local users to gain escalated privileges, and by malicious people to cause a DoS (Denial of Service). 1) An unspecified error exists in DB2STST. No further information is available. 2) An unspecified error in the DB2DART tool can be exploited to overwrite files owned by the DB2 instance owner. 3) An error exists when special group and user enumeration is performed and can be exploited to trap the server. Successful exploitation of this vulnerability requires Windows 2008. The vulnerabilities are reported in the following versions: * DB2 9.1 prior to Fix Pack 9. * DB2 9.5 prior to Fix Pack 6. * DB2 9.7 prior to Fix Pack 2. SOLUTION: Update to version 9.1 Fix Pack 9, 9.5 Fix Pack 6, and 9.7 Fix Pack 2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IC65408, IC65703, IC65742, IC65749, IC65756, IC65762, IC66099, IC66642, IC66643): http://www.ibm.com/support/docview.wss?uid=swg21426108 http://www.ibm.com/support/docview.wss?uid=swg21432298 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 20:21:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 05:21:54 +0200 Subject: [SEC] [SA41208] UltraVNC Viewer Insecure Library Loading Vulnerability Message-ID: <201008310321.o7V3Ls3P008897@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: UltraVNC Viewer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41208 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41208/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41208 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41208/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41208/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41208 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in UltraVNC Viewer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. vnclang.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a VNC file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that the application during installation was configured to be associated with VNC files (non-default option). The vulnerability is confirmed in version 1.0.8.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Ivan Markovic OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 20:42:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 05:42:34 +0200 Subject: [SEC] [SA41194] Novell Identity Manager Tree Credentials Information Disclosure Message-ID: <201008310342.o7V3gYKx029726@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Novell Identity Manager Tree Credentials Information Disclosure SECUNIA ADVISORY ID: SA41194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41194 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Novell Identity Manager, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the installer storing administrative credentials in the /tmp/idmInstall.log file. The security issue is reported in version 3.6.1. SOLUTION: Remove the /tmp/idmInstall.log file after the installation is completed. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.novell.com/support/viewContent.do?externalId=7006705 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 20:54:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 05:54:46 +0200 Subject: [SEC] [SA41185] Debian update for phpmyadmin Message-ID: <201008310354.o7V3skh8017767@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for phpmyadmin SECUNIA ADVISORY ID: SA41185 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41185/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41185 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41185/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41185/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41185 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for phpmyadmin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. For more information: SA41000 SA41058 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2097-1: http://www.us.debian.org/security/2010/dsa-2097 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 21:08:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 06:08:04 +0200 Subject: [SEC] [SA41217] Slackware update for php Message-ID: <201008310408.o7V484Wu005853@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Slackware update for php SECUNIA ADVISORY ID: SA41217 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41217/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41217 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41217/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41217/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41217 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA40268 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2010-240-04: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.507793 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Aug 30 21:21:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 06:21:44 +0200 Subject: [SEC] [SA41186] Debian update for typo3-src Message-ID: <201008310421.o7V4Livv026382@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/_%22insecure%20library%20loading%22 The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for typo3-src SECUNIA ADVISORY ID: SA41186 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41186/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41186 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41186/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41186/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41186 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for typo3-src. This fixes multiple vulnerabilities and security issues, which can be exploited by malicious users to conduct SQL injection attacks, manipulate certain data, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks, HTTP redirect attacks, HTTP response splitting attacks, session fixation attacks, bypass certain security restrictions, and disclose potentially sensitive information. For more information: SA40742 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2098-1: http://www.us.debian.org/security/2010/dsa-2098 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 10:27:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 19:27:37 +0200 Subject: [SEC] [SA41247] Hitachi JP1 Products Denial of Service Vulnerability Message-ID: <201008311727.o7VHRbg4016902@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi JP1 Products Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41247 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41247/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41247 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41247/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41247/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41247 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in various Hitachi JP1 products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data and can be exploited to disrupt some services. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-022: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-022/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 11:27:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 20:27:51 +0200 Subject: [SEC] [SA41201] QtWeb Browser Insecure Library Loading Vulnerability Message-ID: <201008311827.o7VIRpag007107@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: QtWeb Browser Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41201 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41201/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41201 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41201/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41201/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41201 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in QtWeb Browser, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.3 (build 043) for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0386.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 12:27:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 21:27:32 +0200 Subject: [SEC] [SA41178] SiSoftware Sandra Insecure Library Loading Vulnerability Message-ID: <201008311927.o7VJRWKg029692@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SiSoftware Sandra Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41178 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41178/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41178 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41178/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41178/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41178 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SiSoftware Sandra, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a SiSoftware Sandra Script (.sis) located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in SiSoftware Sandra Lite version 2010.7.16.52 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 13:27:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 22:27:19 +0200 Subject: [SEC] [SA41227] UltraISO Insecure Library Loading Vulnerability Message-ID: <201008312027.o7VKRJ88019880@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: UltraISO Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41227 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41227/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41227 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41227/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41227/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41227 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in UltraISO, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. daemon.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ISO file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 9.3.6.2750. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 14:21:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 23:21:38 +0200 Subject: [SEC] [SA41182] Hitachi Storage Command Suite Denial of Service Vulnerability Message-ID: <201008312121.o7VLLccB009822@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi Storage Command Suite Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41182 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41182/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41182 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41182/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41182/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41182 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi Storage Command Suite, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data. This can be exploited to stop the embedded database abnormally and disrupt some services. Please see the vendor's advisory for a list of affected products. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-024: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-024/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 14:42:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 23:42:34 +0200 Subject: [SEC] [SA41249] Hitachi JP1/Performance Management Denial of Service Vulnerability Message-ID: <201008312142.o7VLgYff030654@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi JP1/Performance Management Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41249 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41249/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41249 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41249/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41249/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41249 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/Performance Management, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data and can be exploited to disrupt some services. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-020: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-020/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 14:58:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 31 Aug 2010 23:58:53 +0200 Subject: [SEC] [SA41248] Hitachi JP1/Integrated Management Denial of Service Vulnerability Message-ID: <201008312158.o7VLwrnI018969@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi JP1/Integrated Management Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41248 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41248/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41248 RELEASE DATE: 2010-08-31 DISCUSS ADVISORY: http://secunia.com/advisories/41248/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41248/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41248 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/Integrated Management, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data and can be exploited to disrupt some services. Please see the vendor's advisory for list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-021: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-021/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 15:23:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 00:23:20 +0200 Subject: [SEC] [SA41250] Hitachi JP1/Automatic Job Management System Denial of Service Vulnerability Message-ID: <201008312223.o7VMNK63007575@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi JP1/Automatic Job Management System Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41250 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in JP1/Automatic Job Management System, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data and can be exploited to disrupt some services. Please see the vendor's advisory for information on affected versions. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-019: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-019/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 15:44:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 00:44:30 +0200 Subject: [SEC] [SA41252] Hitachi Cosminexus Products Denial of Service Vulnerability Message-ID: <201008312244.o7VMiUs5028417@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41252 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41252/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41252 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41252/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41252/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41252 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi Cosminexus products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data and can be exploited to disrupt some services. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-017: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-017/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 16:10:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 01:10:28 +0200 Subject: [SEC] [SA41209] Sophos Free Encryption Insecure Library Loading Vulnerability Message-ID: <201008312310.o7VNASO3017098@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sophos Free Encryption Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41209 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41209/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41209 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41209/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41209/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41209 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Sophos Free Encryption, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. pcrypt0406.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a UTI file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.40.1.1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 16:25:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 01:25:53 +0200 Subject: [SEC] [SA41251] Hitachi JP1/ServerConductor/Control Manager Denial of Service Vulnerability Message-ID: <201008312325.o7VNPrRW005257@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi JP1/ServerConductor/Control Manager Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41251 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41251/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41251 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41251/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41251/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41251 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/ServerConductor/Control Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data and can be exploited to disrupt some services. Please see the vendor's advisory for information on affected versions. SOLUTION: Apply patches. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-018: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-018/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 16:46:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 01:46:53 +0200 Subject: [SEC] [SA41243] IsoBuster Insecure Library Loading Vulnerability Message-ID: <201008312346.o7VNkrkx026111@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IsoBuster Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41243 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41243/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41243 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41243/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41243/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41243 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in IsoBuster, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wnaspi32.dll, ntaspi32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an IMG file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.8. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mr Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 17:11:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 02:11:26 +0200 Subject: [SEC] [SA41245] Linux Kernel Wireless Extensions Memory Leak Vulnerability Message-ID: <201009010011.o810BQ9Y014723@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Linux Kernel Wireless Extensions Memory Leak Vulnerability SECUNIA ADVISORY ID: SA41245 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41245/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41245 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41245/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41245/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41245 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose potentially sensitive information. The vulnerability is caused due to wireless drivers potentially copying more kernel heap memory to userspace than intended, which can be exploited to disclose potentially sensitive information by e.g. sending a specially crafted "SIOCGIWESSID" IOCTL. SOLUTION: Fixed in the wireless-testing GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported as a grsecurity bug by jubidu. Additional information provided by Brad Spengler and the vendor. ORIGINAL ADVISORY: Jubidu: http://forums.grsecurity.net/viewtopic.php?f=3&t=2290&start=0 http://lkml.org/lkml/2010/8/30/127 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 17:44:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 02:44:15 +0200 Subject: [SEC] [SA41078] Joomla! JE FAQ Pro Component "catid" SQL Injection Vulnerability Message-ID: <201009010044.o810iF63003664@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! JE FAQ Pro Component "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41078 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41078 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41078/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41078/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41078 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the JE FAQ Pro component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "catid" parameter to index.php (when e.g. "option" is set to "com_jefaqpro", "view" is set to "category", and "layout" is set to "categorylist") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.5.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Chip D3 Bi0s OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 18:09:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 03:09:35 +0200 Subject: [SEC] [SA41244] Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability Message-ID: <201009010109.o8119ZXu024729@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mozilla Firefox NSS Certificate IP Address Wildcard Matching Vulnerability SECUNIA ADVISORY ID: SA41244 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41244/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41244 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41244/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41244/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41244 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the use of vulnerable Network Security Services (NSS) code. For more information: SA41237 SOLUTION: Reportedly, this will be fixed in the Firefox versions after 3.6.9 and 3.5.12. PROVIDED AND/OR DISCOVERED BY: Richard Moore and Simon Ward, Westpoint Limited ORIGINAL ADVISORY: Westpoint Limited: http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 18:23:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 03:23:27 +0200 Subject: [SEC] [SA41246] Hitachi JP1/Desktop Navigation Denial of Service Vulnerability Message-ID: <201009010123.o811NRNM012835@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hitachi JP1/Desktop Navigation Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41246 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41246 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41246/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41246/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41246 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/Desktop Navigation, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error while processing unexpected data when running the application in a cluster environment. This can be exploited to stop the embedded database abnormally and disrupt management server services. The vulnerability is reported in versions 01-00 and 01-01 through 01-01-01. SOLUTION: Update to version 01-01-02. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HS10-023: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS10-023/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 18:44:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 03:44:35 +0200 Subject: [SEC] [SA41237] Network Security Services Certificate IP Address Wildcard Matching Vulnerability Message-ID: <201009010144.o811iZst001232@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Network Security Services Certificate IP Address Wildcard Matching Vulnerability SECUNIA ADVISORY ID: SA41237 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41237/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41237 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41237/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41237/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41237 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Network Security Services (NSS), which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the library incorrectly allowing wildcards when verifying certificates using IP addresses, which can be exploited to conduct spoofing attacks. The vulnerability is reported in version 3.12.6. Other versions may also be affected. SOLUTION: Fixed in the CVS repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Richard Moore and Simon Ward, Westpoint Limited ORIGINAL ADVISORY: Westpoint Limited: http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt Mozilla: https://bugzilla.mozilla.org/show_bug.cgi?id=578697 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 19:17:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 04:17:39 +0200 Subject: [SEC] [SA41179] Moo Products Unspecified Cross-Site Scripting Vulnerability Message-ID: <201009010217.o812Hdac023153@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Moo Products Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41179 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41179/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41179 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41179/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41179/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41179 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in two Moo products, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in: * Moo moobbs versions 1.02 and prior * Moo moobbs2 versions 1.02 and prior SOLUTION: Update to version 1.03. PROVIDED AND/OR DISCOVERED BY: Yuji Tounai, bogus.jp reported via IPA. ORIGINAL ADVISORY: Moo: http://common1.biz/cgi_bug.html JVN: http://jvn.jp/en/jp/JVN24423311/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000033.html http://jvn.jp/en/jp/JVN75101998/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2010-000034 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 19:44:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 04:44:15 +0200 Subject: [SEC] [SA41180] Novell NetWare OpenSSH Buffer Overflow Vulnerability Message-ID: <201009010244.o812iF47011845@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Novell NetWare OpenSSH Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41180 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41180/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41180 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41180/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41180/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41180 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell NetWare, which can be exploited by malicious users to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error in SSHD.NLM and SFTP-SVR.NLM when handling user sessions and can be exploited to cause a stack-based buffer overflow via an overly long (greater than 512 characters) absolute path string. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in NetWare 6.5. SOLUTION: Restrict access to OpenSSH to trusted users only. PROVIDED AND/OR DISCOVERED BY: The vendor credits Francis Provencher, Protek Research Lab via ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7006756 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 20:07:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 05:07:49 +0200 Subject: [SEC] [SA41115] Virtual DJ Insecure Library Loading Vulnerability Message-ID: <201009010307.o8137nia000334@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Virtual DJ Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41115 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41115/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41115 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41115/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41115/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41115 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Virtual DJ, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. HDJAPI.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an MP3 file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 6.1.2 (Trial b301) for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 20:21:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 05:21:39 +0200 Subject: [SEC] [SA41225] WinImage Insecure Library Loading Vulnerability Message-ID: <201009010321.o813LdYZ020928@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: WinImage Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41225 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41225/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41225 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41225/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41225/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41225 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in WinImage, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wnaspi32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an .imz file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 8.0.0.8000 and confirmed in version 8.50 for Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Peter Van Eeckhoutte ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 20:42:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 05:42:58 +0200 Subject: [SEC] [SA41213] Apple QuickTime QTPlugin.ocx Input Validation Vulnerability Message-ID: <201009010342.o813gw7q009365@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Apple QuickTime QTPlugin.ocx Input Validation Vulnerability SECUNIA ADVISORY ID: SA41213 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41213/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41213 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41213/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41213/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41213 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ruben Santamarta has discovered a vulnerability in Apple QuickTime, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the QuickTime ActiveX control (QTPlugin.ocx) using a value passed in the "_Marshaled_pUnk" parameter as a pointer. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.6.7 (1675). Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta ORIGINAL ADVISORY: http://www.reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 20:54:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 05:54:41 +0200 Subject: [SEC] [SA41195] Red Hat update for kernel Message-ID: <201009010354.o813sfYD029774@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA41195 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41195/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41195 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41195/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41195/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41195 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA40965 1) An error within the GFS2 file system when handing certain rename operations can be exploited to cause a kernel crash. Note: This only affects Red Hat Enterprise Linux EUS (v. 5.3.z server). SOLUTION: Updated packages are available from Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Red Hat credits Grant Diffey, CenITex ORIGINAL ADVISORY: RHSA-2010-0660: https://rhn.redhat.com/errata/RHSA-2010-0660.html RHSA-2010-0661: https://rhn.redhat.com/errata/RHSA-2010-0661.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 21:10:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 06:10:05 +0200 Subject: [SEC] [SA41206] phpMyAdmin Backtrace Cross-Site Scripting Vulnerability Message-ID: <201009010410.o814A5UX018975@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: phpMyAdmin Backtrace Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41206 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41206/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41206 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41206/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41206/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41206 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user via debug messages in a backtrace. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 3.3.6. SOLUTION: Update to version 3.3.6. PROVIDED AND/OR DISCOVERED BY: The vendor credits Aung Khant, YGN Ethical Hacker Group. ORIGINAL ADVISORY: PMASA-2010-6: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 21:22:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 06:22:03 +0200 Subject: [SEC] [SA41105] Debian update for openssl Message-ID: <201009010422.o814M3aD007009@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for openssl SECUNIA ADVISORY ID: SA41105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41105 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40906 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2100-1: http://lists.debian.org/debian-security-announce/2010/msg00146.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 21:42:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 06:42:34 +0200 Subject: [SEC] [SA41239] Fedora update for bogofilter Message-ID: <201009010442.o814gYEt027819@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for bogofilter SECUNIA ADVISORY ID: SA41239 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41239/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41239 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41239/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41239/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41239 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bogofilter. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA40427 SOLUTION: Apply updated packages using the yum utility ("yum update bogofilter"). ORIGINAL ADVISORY: FEDORA-2010-13154: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046590.html FEDORA-2010-13139: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046558.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 21:54:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 06:54:55 +0200 Subject: [SEC] [SA41240] Fedora update for php-pear-CAS Message-ID: <201009010454.o814st8v015853@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for php-pear-CAS SECUNIA ADVISORY ID: SA41240 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41240/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41240 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41240/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41240/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41240 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for php-pear-CAS. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and malicious users to hijack another user's session. For more information: SA40845 SOLUTION: Apply updated packages using the yum utility ("yum update php-pear-CAS"). ORIGINAL ADVISORY: FEDORA-2010-12247: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html FEDORA-2010-12258: http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Aug 31 22:07:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Sep 2010 07:07:50 +0200 Subject: [SEC] [SA41187] Joomla! PicSell Component "dflink" File Disclosure Vulnerability Message-ID: <201009010507.o8157ogY003917@CRON-IX-2.intnet> ---------------------------------------------------------------------- List of products vulnerable to insecure library loading vulnerabilities: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! PicSell Component "dflink" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA41187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41187 RELEASE DATE: 2010-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/41187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the PicSell component for Joomla!, which can be exploited by malicious people to disclose sensitive information. Input passed via the "dflink" parameter to index.php (when "option" is set to "com_picsell", "controller" is set to "prevsell", and "task" is set to "dwnfree") is not properly verified before being used to read files. This can be exploited to download arbitrary files from local resources via directory traversal sequences. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Craw OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------