From sec-adv at secunia.com Wed Dec 1 10:30:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 19:30:16 +0100 Subject: [SEC] [SA42380] DynPG CMS "CHG_DYNPG_SET_LANGUAGE" File Inclusion Vulnerability Message-ID: <201012011830.oB1IUGSa030121@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DynPG CMS "CHG_DYNPG_SET_LANGUAGE" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42380 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42380/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42380 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42380/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42380/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42380 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in DynPG CMS, which can be exploited by malicious users to disclose sensitive information. Input passed to the "CHG_DYNPG_SET_LANGUAGE" parameter in index.php is not properly verified before being used to include files in languages.inc.php. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 4.1.1. Other versions may also be affected. SOLUTION: Update to version 4.2.1. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: DynPG CMS: http://www.dynpg.org/cms-freeware_en.php?t=DynPG+Update+4.2.1+Security+Update&read_article=226 HTB22703: http://www.htbridge.ch/advisory/lfi_in_dynpg.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 11:29:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 20:29:43 +0100 Subject: [SEC] [SA42412] Ubuntu update for openjdk-6 Message-ID: <201012011929.oB1JThd2020462@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openjdk-6 SECUNIA ADVISORY ID: SA42412 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42412/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42412 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42412/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42412/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42412 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openjdk-6. This fixes a security issue, which can be exploited by malicious people to disclose system information. The security issue is caused to the application allowing untrusted applications and applets to read system properties e.g. "user.name", "user.home", and "java.home". SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1024-1: http://www.ubuntu.com/usn/usn-1024-1 http://blog.fuseyism.com/index.php/2010/11/24/icedtea6-176-183-and-192-released/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 12:29:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 21:29:40 +0100 Subject: [SEC] [SA42375] Enano CMS "email" SQL Injection Vulnerability Message-ID: <201012012029.oB1KTeoc010835@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Enano CMS "email" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42375 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42375/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42375 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42375/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42375/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42375 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Enano CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "email" parameter when registering a new account is not properly sanitised before being used in a SQL query in the "check_banlist()" function (includes/sessions.php). This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.6pl2. Other versions may also be affected. SOLUTION: Update to version 1.0.6pl3. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: Enano CMS: http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released HTB22709: http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 13:29:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 22:29:50 +0100 Subject: [SEC] [SA42431] WordPress SQL Injection Vulnerability Message-ID: <201012012129.oB1LTo9t001163@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42431 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42431/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42431 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42431/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42431/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42431 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Certain input is not properly sanitised in wp-includes/comment.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Author-level" permissions. The vulnerability is reported in versions prior to 3.0.2. SOLUTION: Update to version 3.0.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Vladimir Kolesnikov ORIGINAL ADVISORY: WordPress: http://wordpress.org/news/2010/11/wordpress-3-0-2/ http://codex.wordpress.org/Version_3.0.2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 14:24:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 23:24:08 +0100 Subject: [SEC] [SA42399] Red Hat update for krb5 Message-ID: <201012012224.oB1MO8N3023733@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA42399 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42399/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42399 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42399/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42399/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42399 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to conduct spoofing attacks and bypass certain security features. For more information: SA42396 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0925.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 14:46:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 1 Dec 2010 23:46:18 +0100 Subject: [SEC] [SA42427] Sleipnir Clipboard Access Security Bypass Vulnerability Message-ID: <201012012246.oB1MkIkR012404@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Sleipnir Clipboard Access Security Bypass Vulnerability SECUNIA ADVISORY ID: SA42427 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42427/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42427 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42427/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42427/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42427 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sleipnir, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not properly restricting access to the clipboard, which can be exploited to disclose or change the contents of the clipboard by tricking the user into visiting a malicious website. The vulnerability is reported in versions 2.9.6 and prior. SOLUTION: The vendor has released an updated version 2.9.6 on November 25, 2010 at 3pm (Japan Time), which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.fenrir.co.jp/blog/2010/11/post_47.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 15:16:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 00:16:35 +0100 Subject: [SEC] [SA42406] Red Hat Enterprise MRG Condor QMF Plug-ins Vulnerability Message-ID: <201012012316.oB1NGZaA001473@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat Enterprise MRG Condor QMF Plug-ins Vulnerability SECUNIA ADVISORY ID: SA42406 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42406/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42406 RELEASE DATE: 2010-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/42406/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42406/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42406 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged a vulnerability in Red Hat Enterprise MRG, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to insufficient access restrictions to the Condor QMF plug-ins, which can be exploited to e.g. submit jobs which will be run as a non-root user. Successful exploitation requires that the attacker is able to publish to a broker. SOLUTION: Updated packages are available via the Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2010-0921: https://rhn.redhat.com/errata/RHSA-2010-0921.html RHSA-2010-0922: https://rhn.redhat.com/errata/RHSA-2010-0922.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 15:47:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 00:47:27 +0100 Subject: [SEC] [SA42396] Kerberos Multiple Vulnerabilities Message-ID: <201012012347.oB1NlRj6023005@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Kerberos Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42396 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42396/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42396 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42396/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42396/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42396 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Kerberos, which can be exploited by malicious users and malicious people to conduct spoofing attacks and bypass certain security features. 1) The krb5 GSS-API applications do not properly validate the checksums of DES session keys for version 2 (RFC 4121) of the GSS-API krb5 mechanism, which can be exploited to forge unencrypted but integrity protected GSS tokens. Successful exploitation requires that the pre-existing application session uses a DES session key. This vulnerability affects krb-1.7 or newer. 2) The krb5 application services do not properly verify the checksum of PAC signatures, which can be exploited to e.g. gain escalated privileges by forging the PACs. Successful exploitation requires that the attacker is authenticated and that the KDC in use does not filter client-provided PAC data but e.g. makes authorisation decisions based on the PAC content. This vulnerability affects krb-1.7 or newer. Systems exclusively running krb5-1.8 block the attack. 3) The MIT krb5 KDC incorrectly accepts RFC 3961 key-derivation checksums when verifying the req-checksum in KrbFastArmoredReqs, which can be exploited to e.g. swap a client-issued KrbFastReq into a different KDC-REQ. Successful exploitation requires that the armor key in use is RC4. This vulnerability affects krb-1.7 or newer. 4) The MIT krb5 clients incorrectly accept unkeyed checksums in the SAM-2 preauthentication challenges, which can be exploited to e.g. forge the prompt text or change the response sent to the KDC. This vulnerability affects krb5-1.3 or newer. 5) The MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums when verifying KRB-SAFE messages, which can be exploited to forge KRB-SAFE messages. Successful exploitation requires that the pre-existing application session uses an RC4 session key. This vulnerability affects krb5-1.3 or newer. 6) The MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums when verifying AD-SIGNEDPATH authorisation data, which can be exploited to forge the AD-SIGNEDPATH signature and e.g. self-generate "evidence" tickets for S4U2Proxy. Successful exploitation requires that the attacker is authenticated and controls a legitimate service principal and that the TGT key is RC4. This vulnerability affects krb5-1.8 or newer. 7) The MIT krb5 incorrectly accepts RFC 3961 key-derivation checksums when verifying AD-KDC-ISSUED authorisation data, which can be exploited to forge AD-KDC-ISSUED signatures on authdata elements. Successful exploitation requires that the attacker is authenticated and that the tickets have an RC4 service key. This vulnerability affects krb5-1.8 or newer. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MITKRB5-SA-2010-007: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2010-007.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 16:13:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 01:13:20 +0100 Subject: [SEC] [SA42438] WordPress WPtouch Plugin "wptouch_settings" Cross-Site Scripting Message-ID: <201012020013.oB20DKOP011845@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress WPtouch Plugin "wptouch_settings" Cross-Site Scripting SECUNIA ADVISORY ID: SA42438 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42438/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42438 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42438/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42438/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42438 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the WPtouch plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "wptouch_settings" parameter to wp-content/plugins/wptouch/include/adsense-new.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.9.20. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_in_wptouch_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 16:48:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 01:48:27 +0100 Subject: [SEC] [SA42428] Grani Clipboard Access Security Bypass Vulnerability Message-ID: <201012020048.oB20mRql001033@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Grani Clipboard Access Security Bypass Vulnerability SECUNIA ADVISORY ID: SA42428 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42428/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42428 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42428/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42428/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42428 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Grani, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42427 The vulnerability is reported in versions 4.5 and prior. SOLUTION: The vendor has released an updated version 4.5 on November 25, 2010 at 3pm (Japan Time), which fixes the vulnerability. ORIGINAL ADVISORY: http://www.fenrir.co.jp/blog/2010/11/post_47.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 17:15:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 02:15:37 +0100 Subject: [SEC] [SA42411] Red Hat update for wireshark Message-ID: <201012020115.oB21FbWm022398@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for wireshark SECUNIA ADVISORY ID: SA42411 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42411/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42411 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42411/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42411/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42411 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for wireshark. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41535 SA42290 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0924-1: https://rhn.redhat.com/errata/RHSA-2010-0924.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 17:47:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 02:47:02 +0100 Subject: [SEC] [SA42418] BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201012020147.oB21l2lH011474@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BugTracker.NET Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42418 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42418/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42418 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42418/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42418/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42418 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in BugTracker.NET, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "pcd" parameter in edit_bug.aspx, "bug_id" parameter in edit_comment.aspx, "default_name" parameter in edit_customfield.aspx, and "id" parameter in edit_user_permissions2.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "qu_id" parameter to bugs.aspx, "row_id" parameter to delete_query.aspx, "us_id" and "new_project" parameters to edit_bug.aspx, and "bug_list" parameter to massedit.aspx is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 3.4.4. Other versions may also be affected. SOLUTION: Update to version 3.4.5. PROVIDED AND/OR DISCOVERED BY: Damian Saura and Alejandro Frydman, Core Security Technologies ORIGINAL ADVISORY: BugTracker.NET: http://btnet.svn.sourceforge.net/viewvc/btnet/RELEASE_NOTES.TXT?revision=578&view=markup CORE-2010-1109: http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 18:10:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 03:10:22 +0100 Subject: [SEC] [SA42423] Fedora update for kdenetwork Message-ID: <201012020210.oB22AMOp032593@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for kdenetwork SECUNIA ADVISORY ID: SA42423 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42423/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42423 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42423/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42423/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42423 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kdenetwork. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA39528 SOLUTION: Apply updated packages using the yum utility ("yum update kdenetwork"). ORIGINAL ADVISORY: FEDORA-2010-18029: http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 18:24:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 03:24:19 +0100 Subject: [SEC] [SA42407] Red Hat update for dhcp Message-ID: <201012020224.oB22OJp9020884@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for dhcp SECUNIA ADVISORY ID: SA42407 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42407/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42407 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42407/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42407/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42407 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42082 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0923-1: https://rhn.redhat.com/errata/RHSA-2010-0923.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 18:44:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 03:44:52 +0100 Subject: [SEC] [SA42436] Red Hat update for krb5 Message-ID: <201012020244.oB22iqOl009492@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA42436 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42436/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42436 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42436/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42436/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42436 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to conduct spoofing attacks and bypass certain security features. For more information: SA42396 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0926.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 19:14:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 04:14:57 +0100 Subject: [SEC] [SA42430] Joomla! sh404SEF Component Multiple Vulnerabilities Message-ID: <201012020314.oB23Evrs031405@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! sh404SEF Component Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42430 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42430/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42430 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42430/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42430/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42430 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in sh404SEF component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 2.1.8.777. SOLUTION: Update to 2.1.8.777 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jeff Channel. ORIGINAL ADVISORY: sh404SEF: http://dev.anything-digital.com/Forum/Announcements/9100-Urgent-sh404SEF-security-release-Joomla-1.5/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 19:45:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 04:45:24 +0100 Subject: [SEC] [SA42347] Pandora FMS Multiple Vulnerabilities Message-ID: <201012020345.oB23jOJl020431@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pandora FMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42347 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42347/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42347 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42347/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42347/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42347 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been discovered in Pandora FMS, which can be exploited by malicious users to conduct SQL injection attacks, disclose potentially sensitive information, and compromise a vulnerable system and by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) The weakness is caused due to the application using an insecure default value for "loginhash_pwd". This can be exploited to bypass the log-in mechanism. 2) Input passed via the "id_group" parameter to ajax.php, and via the "group_id" parameter to index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via the "page" parameter to ajax.php is not properly verified before being used to include files. This can be exploited to include arbitrary PHP files from local or remote resources. 4) Input passed via the "argv[1]" parameter to extras/pandora_diag.php (when "argc" is set to "2") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. Successful exploitation of this vulnerability requires that "register_globals" is enabled. In addition "magic_quotes_gpc" must be disabled to include arbitrary files from local resources. 5) Input passed via the "id" parameter to general/pandora_help.php is not properly verified before being used to include files from local resources. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. 6) Input passed via the "layout" parameter to index.php is not properly verified before being used in a call to "system()". This can be exploited to execute arbitrary shell commands. Successful exploitation of this vulnerability requires "Operator (write)" permissions. 7) Input passed via the "layout" parameter to operation/agentes/networkmap.php is not properly sanitised before being used. This can be exploited to write to, delete, or include arbitrary files from local resources via directory traversal sequences. The vulnerabilities are confirmed in version 3.1. Prior versions may also be affected. SOLUTION: Update to version 3.1.1 or apply vendor supplied patch. PROVIDED AND/OR DISCOVERED BY: Juan Galiana Lara ORIGINAL ADVISORY: Juan Galiana Lara: http://archives.neohapsis.com/archives/fulldisclosure/2010-11/0366.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 1 20:08:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 05:08:36 +0100 Subject: [SEC] [SA42344] ZyXEL P-660R-T1 "HomeCurrent_Date" Cross-Site Scripting Vulnerability Message-ID: <201012020408.oB248a8K009141@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ZyXEL P-660R-T1 "HomeCurrent_Date" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42344 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42344/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42344 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42344/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42344/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42344 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ZyXEL P-660R-T1, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "HomeCurrent_Date" parameter to the /Forms/home_1 script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected device. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Usman Saeed, Xc0re Security Research Group ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-11/0190.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 10:30:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 19:30:00 +0100 Subject: [SEC] [SA42415] Fedora update for kernel Message-ID: <201012021830.oB2IU0w4029608@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA42415 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42415/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42415 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42415/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42415/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42415 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kernel. This fixes multiple weaknesses and a vulnerability, which can be exploited by malicious, local users to disclose certain system information and bypass certain security restrictions. For more information: SA41440 SA42126 SOLUTION: Apply updated packages using the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2010-18432: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051749.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 11:30:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 20:30:52 +0100 Subject: [SEC] [SA42424] Eclime Multiple Vulnerabilities Message-ID: <201012021930.oB2JUqfM020017@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Eclime Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42424 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42424/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42424 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42424/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42424/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42424 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Eclime, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "country" POST parameter to create_account.php, via the "ref" parameter to index.php, and via the "poll_id" POST parameter to index.php (when "poll_action" is set to "vote") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "reason" parameter to index.php (when "login" is set to "fail") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.1.2b. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22704: http://www.htbridge.ch/advisory/sql_injection_in_eclime.html HTB22705: http://www.htbridge.ch/advisory/sql_injection_in_eclime_1.html HTB22706: http://www.htbridge.ch/advisory/xss_in_eclime.html HTB22707: http://www.htbridge.ch/advisory/sql_injection_in_eclime_2.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 12:29:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 21:29:48 +0100 Subject: [SEC] [SA42435] BIND Key Algorithm Rollover Weakness Message-ID: <201012022029.oB2KTmFh010329@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BIND Key Algorithm Rollover Weakness SECUNIA ADVISORY ID: SA42435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42435 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in BIND, which can be exploited by malicious people to manipulate certain data. The weakness is caused due to an error in named when acting as DNSSEC validating resolver and querying a zone undergoing a key algorithm rollover, which can cause named to mark the zone data as insecure. The weakness is reported in versions 9.0.x to 9.7.2-P2, 9.4-ESV to 9.4-ESV-R3, and 9.6-ESV to 9.6-ESV-R2. SOLUTION: Update to version 9.4-ESV-R4 or newer, 9.6.2-P3 or 9.6-ESV-R3 or newer, and 9.7.2-P3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.isc.org/software/bind/advisories/cve-2010-3614 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 13:30:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 22:30:06 +0100 Subject: [SEC] [SA42432] Red Hat update for java-1.4.2-ibm Message-ID: <201012022130.oB2LU6Zj000656@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.4.2-ibm SECUNIA ADVISORY ID: SA42432 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42432/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42432 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42432/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42432/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42432 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.4.2-ibm. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose and manipulate certain data. For more information: SA39762 SA41791 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0935-1: https://rhn.redhat.com/errata/RHSA-2010-0935.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 14:24:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 23:24:12 +0100 Subject: [SEC] [SA42447] Drupal Services Module Security Bypass Vulnerability Message-ID: <201012022224.oB2MOCax023216@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Services Module Security Bypass Vulnerability SECUNIA ADVISORY ID: SA42447 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42447/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42447 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42447/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42447/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42447 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Services module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. An error in the handling of access permissions when using the "node.save" service can be exploited to update otherwise restricted nodes via a specially crafted node or format type. The vulnerability is reported in versions prior to 6.x-2.3. SOLUTION: Update to version 6.x-2.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Yonathan Offek. ORIGINAL ADVISORY: SA-CONTRIB-2010-107: http://drupal.org/node/986798 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 14:45:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 2 Dec 2010 23:45:32 +0100 Subject: [SEC] [SA42439] D-Link DIR-615 "tools_admin.php" Security Issue Message-ID: <201012022245.oB2MjWCw011848@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: D-Link DIR-615 "tools_admin.php" Security Issue SECUNIA ADVISORY ID: SA42439 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42439/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42439 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42439/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42439/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42439 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Karol Celinski has reported a vulnerability in D-Link DIR-615, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable device. For more information see vulnerability #4: SA33692 The vulnerability is reported in firmware versions prior to revision D.4-13B01. SOLUTION: Update to the latest firmware version. PROVIDED AND/OR DISCOVERED BY: Karol Celinski OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 15:17:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 00:17:21 +0100 Subject: [SEC] [SA42374] BIND RRSIG / ncache Denial of Service Vulnerability Message-ID: <201012022317.oB2NHLH1000976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BIND RRSIG / ncache Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42374 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42374/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42374 RELEASE DATE: 2010-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/42374/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42374/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42374 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to named not properly clearing matching RRSIG records in the cache when negatively caching a "NO DATA", which can be exploited to cause named to crash when performing subsequent lookups. The vulnerability is reported in versions 9.6.2 to 9.6.2-P2, 9.6-ESV to 9.6-ESV-R2, and 9.7.0 to 9.7.2-P2 SOLUTION: Update to 9.6.2-P3 or newer, 9.6-ESV-R3 or newer, or 9.7.2-P3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.isc.org/software/bind/advisories/cve-2010-3613 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 15:47:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 00:47:09 +0100 Subject: [SEC] [SA42457] HP-UX update for OpenSSL Message-ID: <201012022347.oB2Nl9rM022451@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP-UX update for OpenSSL SECUNIA ADVISORY ID: SA42457 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42457 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42457/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42457/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42457 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for OpenSSL in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA40000 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02610 SSRT100341: http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02629503 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 16:12:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 01:12:27 +0100 Subject: [SEC] [SA42426] ClamAV Multiple Vulnerabilities Message-ID: <201012030012.oB30CRAq011262@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ClamAV Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42426 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42426/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42426 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42426/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42426/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42426 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) Multiple errors within the processing of PDF files can be exploited to e.g. cause a crash. 2) An off-by-one error within the "icon_cb()" function can be exploited to cause a memory corruption. The vulnerabilities are reported in versions prior to 0.96.5. SOLUTION: Update to version 0.96.5. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor and Arkadiusz Miskiewicsz. 2) Reported by the vendor. ORIGINAL ADVISORY: http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=master http://freshmeat.net/projects/clamav/releases/325193 1) http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=019f1955194360600ecf0644959ceca6734c2d7b 2) http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=1f3db7f074995bd4e1d0183b2db8b1c472d2f41b OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 16:47:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 01:47:05 +0100 Subject: [SEC] [SA42401] Red Hat update for acroread Message-ID: <201012030047.oB30l5XD000417@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA42401 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42401/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42401 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42401/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42401/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42401 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42030 SA42095 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0934-1: https://rhn.redhat.com/errata/RHSA-2010-0934.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 17:14:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 02:14:51 +0100 Subject: [SEC] [SA42429] Debian update for libxml2 Message-ID: <201012030114.oB31EpCj021804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for libxml2 SECUNIA ADVISORY ID: SA42429 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42429/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42429 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42429/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42429/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42429 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42175 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2128-1: http://www.debian.org/security/2010/dsa-2128 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 17:45:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 02:45:13 +0100 Subject: [SEC] [SA42420] Debian update for krb5 Message-ID: <201012030145.oB31jDpm010845@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for krb5 SECUNIA ADVISORY ID: SA42420 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42420/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42420 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42420/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42420/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42420 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA42396 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2129-1: http://www.debian.org/security/2010/dsa-2129 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 18:10:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 03:10:17 +0100 Subject: [SEC] [SA42400] Red Hat update for kernel Message-ID: <201012030210.oB32AHxA032038@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA42400 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42400/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42400 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42400/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42400/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42400 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges and by malicious people to cause a DoS. For more information: SA42225 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0936-1: https://rhn.redhat.com/errata/RHSA-2010-0936.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 18:24:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 03:24:46 +0100 Subject: [SEC] [SA42417] Fedora update for java-1.6.0-openjdk Message-ID: <201012030224.oB32Oktl020348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA42417 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42417 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42417/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42417/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42417 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for java-1.6.0-openjdk. This fixes a security issue, which can be exploited by malicious people to disclose system information. For more information: SA42412 SOLUTION: Apply updated packages via the yum utility ("yum update java-1.6.0-openjdk"). ORIGINAL ADVISORY: FEDORA-2010-18393: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051711.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 18:45:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 03:45:47 +0100 Subject: [SEC] [SA42450] Drupal Comment Edited Module Script Insertion Vulnerability Message-ID: <201012030245.oB32jlVm008974@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Comment Edited Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42450 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42450/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42450 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42450/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42450/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42450 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Comment Edited module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to execute arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer comments" permissions. The vulnerability is reported in versions prior to 6.x-1.4. SOLUTION: Update to version 6.x-1.4. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SA-CONTRIB-2010-106: http://drupal.org/node/986516 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 19:14:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 04:14:48 +0100 Subject: [SEC] [SA42458] BIND "allow-query" ACL Bypass Vulnerability Message-ID: <201012030314.oB33EmD4030846@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BIND "allow-query" ACL Bypass Vulnerability SECUNIA ADVISORY ID: SA42458 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42458/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42458 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42458/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42458/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42458 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BIND, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to named not properly applying the "allow-query" ACL in the "view" or "global" options if the "allow-query" ACL is not set in the zone statement, which can be exploited to bypass intended query restrictions. Successful exploitation requires that named is running as authoritative server for the zone. The vulnerability is reported in version 9.7.2-P2. SOLUTION: Update to version 9.7.2-P3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.isc.org/software/bind/advisories/cve-2010-3615 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 19:45:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 04:45:29 +0100 Subject: [SEC] [SA42459] Ubuntu update for bind Message-ID: <201012030345.oB33jToZ019898@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for bind SECUNIA ADVISORY ID: SA42459 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42459/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42459 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42459/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42459/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42459 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for bind. This fixes a weakness and a vulnerability, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA42374 SA42435 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1025-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-December/001206.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 20:10:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 05:10:32 +0100 Subject: [SEC] [SA42445] Image Viewer CP Pro / Gold ActiveX Control "Image2PDF()" Buffer Overflow Message-ID: <201012030410.oB34AWPK008698@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Image Viewer CP Pro / Gold ActiveX Control "Image2PDF()" Buffer Overflow SECUNIA ADVISORY ID: SA42445 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42445/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42445 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42445/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42445/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42445 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Image Viewer CP Pro and Gold, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx). This can be exploited to cause a stack-based buffer overflow by passing an overly long "strPDFFile" parameter to the "Image2PDF()" method. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in the following versions (other versions may also be affected): * Image Viewer CP Pro SDK ActiveX 8.0 * Image Viewer CP Gold SDK ActiveX 6.0 SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: bz1p OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 20:24:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 05:24:27 +0100 Subject: [SEC] [SA42452] Drupal Outline Designer Module Cross-Site Request Forgery Vulnerability Message-ID: <201012030424.oB34ORpP029365@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Outline Designer Module Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42452 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42452/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42452 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42452/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42452/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42452 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Outline Designer module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change book nodes by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SA-CONTRIB-2010-105: http://drupal.org/node/986448 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 20:45:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 05:45:07 +0100 Subject: [SEC] [SA42444] LittlePhpGallery "repertoire" Local File Inclusion Vulnerability Message-ID: <201012030445.oB34j7Ih017983@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LittlePhpGallery "repertoire" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42444 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42444/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42444 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42444/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42444/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42444 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in LittlePhpGallery, which can be exploited by malicious people to disclose sensitive information. Input passed via the "repertoire" parameter to gallery.php is not properly verified before being used. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: kire bozorge khavarmian OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 21:10:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 06:10:58 +0100 Subject: [SEC] [SA42398] Red Hat JBoss Enterprise Application Platform Three Vulnerabilities Message-ID: <201012030510.oB35Awhl006803@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat JBoss Enterprise Application Platform Three Vulnerabilities SECUNIA ADVISORY ID: SA42398 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42398/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42398 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42398/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42398/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42398 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged some vulnerabilities in JBoss Enterprise Application Platform, which can be exploited by malicious people to conduct cross-site request forgery attacks, cause a DoS (Denial of Service), or compromise a vulnerable system. 1) An input sanitisation error during deserialisation in JBoss Drools can be exploited to execute arbitrary code by passing specially crafted input containing an embedded class file to a JBoss Seam based application that accepts serialized input. 2) The JMX Console allows users to perform certain actions via HTTP requests with performing any validity checks to verify the requests. This can be exploited to e.g. deploy an arbitrary WAR file on the target server if a logged-in administrative user is tricked into visiting a specially crafted web page. 3) An error in the JBoss Remoting component within the handling of bisocket control connections can be exploited to cause the JBoss Remoting listeners to become unresponsive. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0937.html https://rhn.redhat.com/errata/RHSA-2010-0938.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 21:43:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 06:43:49 +0100 Subject: [SEC] [SA42454] Novell Sentinel Log Manager Tomcat Vulnerability Message-ID: <201012030543.oB35hnCW028335@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Novell Sentinel Log Manager Tomcat Vulnerability SECUNIA ADVISORY ID: SA42454 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42454/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42454 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42454/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42454/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42454 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Novell has acknowledged a vulnerability in Sentinel Log Manager, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service). The vulnerability is caused due to including a vulnerable version of Tomcat. For more information: SA39574 This affects Sentinel Log Manager version 1.0.0.5 and 1.1. SOLUTION: The vulnerability will be fixed in version 1.2. The vendor recommends to update to Tomcat version 6.0.29 manually (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.novell.com/support/viewContent.do?externalId=7007275 http://www.novell.com/support/viewContent.do?externalId=7007274 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 2 22:09:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 07:09:00 +0100 Subject: [SEC] [SA42449] ProFTPD Compromised Source Packages Backdoor Security Issue Message-ID: <201012030609.oB3690sx017134@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ProFTPD Compromised Source Packages Backdoor Security Issue SECUNIA ADVISORY ID: SA42449 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42449/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42449 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42449/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42449/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42449 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in ProFTPD, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of compromised ProFTPD 1.3.3c source code packages via the project's main FTP server and all of the mirror servers, which contain a backdoor allowing remote root access. The compromised files were distributed from November 28th 2010 to December 2nd 2010. SOLUTION: Check and validate your copy of the source code. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Daniel Austin for reporting the modification of the source code. ORIGINAL ADVISORY: http://www.proftpd.org/index.html http://sourceforge.net/mailarchive/message.php?msg_name=alpine.DEB.2.00.1012011542220.12930%40familiar.castaglia.org OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 10:30:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 19:30:22 +0100 Subject: [SEC] [SA42482] VMware Server Multiple Vulnerabilities Message-ID: <201012031830.oB3IUMCE005784@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42482 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42482/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42482 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42482/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42482/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42482 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues and vulnerabilities have been reported in VMware Server, which can be exploited by malicious, local users to gain escalated privileges and bypass certain security restrictions, and by malicious people to compromise a user's system. For more information: SA42453 SA42480 SA42481 SOLUTION: The vendor does not plan to issue patches. Migrate to a different product. ORIGINAL ADVISORY: VMSA-2010-0018: http://lists.vmware.com/pipermail/security-announce/2010/000112.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 11:30:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 20:30:29 +0100 Subject: [SEC] [SA42473] OpenSSL "NETSCAPE_REUSE_CIPHER_CHANGE_BUG" Ciphersuite Downgrade Vulnerability Message-ID: <201012031930.oB3JUTlY028559@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenSSL "NETSCAPE_REUSE_CIPHER_CHANGE_BUG" Ciphersuite Downgrade Vulnerability SECUNIA ADVISORY ID: SA42473 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42473/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42473 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42473/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42473/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42473 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" workaround in the SSL/TLS server code. This can be exploited by e.g. sniffing the session identifier and downgrading the cached ciphersuite prior to the legitimate client resuming the session, potentially leading to the client using a weaker ciphersuite. Successful exploitation requires that the server uses the internal caching mechanisms of OpenSSL and the "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" flag (e.g. enabled via the "SSL_OP_ALL" option). The vulnerability is reported in all versions prior to 0.9.8q or 1.0.0c. SOLUTION: Update to version 0.9.8q or 1.0.0c or apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Martin Rex. ORIGINAL ADVISORY: http://www.openssl.org/news/secadv_20101202.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 12:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 21:30:05 +0100 Subject: [SEC] [SA42460] CGI::Simple "multipart_init()" HTTP Header Injection Vulnerability Message-ID: <201012032030.oB3KU5rY018897@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CGI::Simple "multipart_init()" HTTP Header Injection Vulnerability SECUNIA ADVISORY ID: SA42460 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42460/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42460 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42460/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42460/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42460 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CGI::Simple, which can be exploited by malicious people to conduct HTTP response splitting attacks. For more information: SA42443 SOLUTION: Fixed in the git repository. PROVIDED AND/OR DISCOVERED BY: Originally reported in ORIGINAL ADVISORY: https://github.com/AndyA/CGI--Simple/commit/e4942b871a26c1317a175a91ebb7262eea59b380 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 13:30:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 22:30:40 +0100 Subject: [SEC] [SA42481] VMware Products VMnc Codec Frame Decompression Vulnerability Message-ID: <201012032130.oB3LUefj009292@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware Products VMnc Codec Frame Decompression Vulnerability SECUNIA ADVISORY ID: SA42481 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42481/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42481 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42481/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42481/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42481 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VMware Movie Decoder, Workstation, and Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing input sanitation within the decoder frame decompression of the VMnc codec, which can be exploited to cause a heap memory corruption by e.g. tricking a user into opening a malicious website or playing a malicious file. Successful exploitation of the vulnerability may allow execution of arbitrary code. Note: This only affects the Windows versions of VMware Workstation and Player. SOLUTION: Update to a patched version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Aaron Portnoy and Logan Brown, TippingPoint DVLabs ORIGINAL ADVISORY: VMSA-2010-0018: http://lists.vmware.com/pipermail/security-announce/2010/000112.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 14:24:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 23:24:25 +0100 Subject: [SEC] [SA42480] VMware Products VMware Tools Command Injection Vulnerability Message-ID: <201012032224.oB3MOPYK031767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware Products VMware Tools Command Injection Vulnerability SECUNIA ADVISORY ID: SA42480 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42480/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42480 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42480/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42480/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42480 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VMware Workstation, Player, Fusion, ESX, and ESXi, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an error within the VMware Tools, which can be exploited by a user on the host system to execute arbitrary commands with root privileges on a guest system. Successful exploitation requires that the VMware Tools are not completely up-to-date. Note: This does not affect Windows-based virtual machines. SOLUTION: Apply patches or update to a patched version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nahuel Grisolia, Bonsai Information Security ORIGINAL ADVISORY: VMSA-2010-0018: http://lists.vmware.com/pipermail/security-announce/2010/000112.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 14:45:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 3 Dec 2010 23:45:12 +0100 Subject: [SEC] [SA42461] CGI.pm "header()" HTTP Header Injection Vulnerability Message-ID: <201012032245.oB3MjCHG020364@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CGI.pm "header()" HTTP Header Injection Vulnerability SECUNIA ADVISORY ID: SA42461 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42461/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42461 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42461/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42461/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42461 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CGI.pm, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the library. The vulnerability is caused due to an error in the "header()" function when processing newline characters and can be exploited to include arbitrary HTTP headers in a response sent to the user. The vulnerability is reported in version 3.50. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michal Zalewski, Max Kanat-Alexander, Yanick Champoux Lincoln Stein, Frederic Buclin, and Mark Stosberg. ORIGINAL ADVISORY: http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes http://www.openwall.com/lists/oss-security/2010/12/01/2 http://www.openwall.com/lists/oss-security/2010/12/01/3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 15:17:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 00:17:17 +0100 Subject: [SEC] [SA42443] CGI.pm "multipart_init()" HTTP Header Injection Vulnerability Message-ID: <201012032317.oB3NHHtB009574@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CGI.pm "multipart_init()" HTTP Header Injection Vulnerability SECUNIA ADVISORY ID: SA42443 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42443/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42443 RELEASE DATE: 2010-12-03 DISCUSS ADVISORY: http://secunia.com/advisories/42443/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42443/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42443 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CGI.pm, which can be exploited by malicious people to conduct HTTP response splitting attacks in an application using the library. The vulnerability is caused due to an error in the "multipart_init()" function when handing a message with "multipart/x-mixed-replace" mime type. This can be exploited to include arbitrary HTTP headers in a response sent to the user. The vulnerability is reported in versions prior to 3.50. SOLUTION: Update to version 3.50. PROVIDED AND/OR DISCOVERED BY: Originally reported by Masahiro Yamada in Bugzilla. ORIGINAL ADVISORY: http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 15:47:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 00:47:47 +0100 Subject: [SEC] [SA42476] Kindle for PC Insecure Library Loading Vulnerability Message-ID: <201012032347.oB3Nll4C030992@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Kindle for PC Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42476 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42476/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42476 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42476/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42476/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42476 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Kindle for PC, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a AZW file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.3.0 (30884). Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported in an exploit module for CORE IMPACT, Core Security Technologies. ORIGINAL ADVISORY: http://www.coresecurity.com/content/amazon-kindle-for-pc-wintab32-dll-hijacking-exploit-10-5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 16:12:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 01:12:20 +0100 Subject: [SEC] [SA42451] Fedora update for udev Message-ID: <201012040012.oB40CKQJ019766@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for udev SECUNIA ADVISORY ID: SA42451 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42451/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42451 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42451/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42451/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42451 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for udev. This fixes a vulnerability, which can be exploited by malicious users to disclose sensitive information. For more information: SA42342 SOLUTION: Apply updated packages using the yum utility ("yum update udev"). ORIGINAL ADVISORY: FEDORA-2010-17912: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051755.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 16:47:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 01:47:39 +0100 Subject: [SEC] [SA42419] Palm Pre WebOS Contacts Application Vulnerability Message-ID: <201012040047.oB40ldIi009012@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Palm Pre WebOS Contacts Application Vulnerability SECUNIA ADVISORY ID: SA42419 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42419/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42419 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42419/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42419/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42419 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Palm Pre WebOS, which can potentially be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due an error in the Contacts application, which can be exploited to e.g. gain access to emails, email addresses, contact list, and other potentially sensitive information, or install e.g. a keylogger. The vulnerability is reported for WebOS 1.4.x versions. SOLUTION: Reportedly fixed in version 2.0 beta. PROVIDED AND/OR DISCOVERED BY: Orlando Barrera and Daniel Herrera, SecTheory ORIGINAL ADVISORY: http://www.darkreading.com/vulnerability-management/167901026/security/application-security/228300479/researchers-uncover-holes-in-webos-smartphones.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 17:15:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 02:15:21 +0100 Subject: [SEC] [SA42448] Etomite Multiple Vulnerabilities Message-ID: <201012040115.oB41FLPL030323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Etomite Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42448 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42448/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42448 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42448/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42448/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42448 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Etomite, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "id" parameter to manager/actions/static/document_data.static.action.php is not properly sanitised before being used. This can be exploited to disclose arbitrary file contents via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 2) Input passed via the "Referer" HTTP header to index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed via the "search" POST parameter when performing a search is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 4) Input passed via the "location" parameter to manager/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22710: http://www.htbridge.ch/advisory/sql_injection_in_etomite.html HTB22712: http://www.htbridge.ch/advisory/local_file_view_in_etomite.html HTB22713: http://www.htbridge.ch/advisory/xss_in_etomite.html HTB22714: http://www.htbridge.ch/advisory/sql_injection_in_etomite_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 17:45:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 02:45:45 +0100 Subject: [SEC] [SA42479] VMware Server VI Web Access Directory Traversal Security Issue Message-ID: <201012040145.oB41jjvK019363@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware Server VI Web Access Directory Traversal Security Issue SECUNIA ADVISORY ID: SA42479 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42479/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42479 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42479/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42479/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42479 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in VMware Server, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to an input validation error in the VI Web Access interface and can be exploited to access arbitrary files via directory traversal sequences sent to TCP port 8307. The security issue is confirmed in version 2.0.2 build 203138 for Windows. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: clshack OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 18:10:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 03:10:09 +0100 Subject: [SEC] [SA42453] VMware Products "vmware-mount" Privilege Escalation Security Issues Message-ID: <201012040210.oB42A9N0008114@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware Products "vmware-mount" Privilege Escalation Security Issues SECUNIA ADVISORY ID: SA42453 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42453/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42453 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42453/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42453/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42453 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some security issues have been reported in VMware Workstation, Player, and Fusion, which can be exploited by malicious, local users to gain escalated privileges. 1) Race conditions within the "vmware-mount" utility when handling temporary files during the mounting process can be exploited to e.g. create files or directories. 2) An error within the "vmware-mount" utility when loading libraries can be exploited execute arbitrary code with root privileges. Note: The security issues only affect the Linux version of VMware Workstation and Player and VMware Fusion for Mac OS/X. SOLUTION: Update to a patched version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Dan Rosenberg 2) The vendor credits Martin Carpenter ORIGINAL ADVISORY: VMSA-2010-0018: http://lists.vmware.com/pipermail/security-announce/2010/000112.html 1) http://www.cs.brown.edu/people/drosenbe/research.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 18:25:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 03:25:58 +0100 Subject: [SEC] [SA42472] Google Chrome Multiple Vulnerabilities Message-ID: <201012040225.oB42PwmI028892@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42472 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42472/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42472 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42472/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42472/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42472 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and weaknesses have been reported in Google Chrome, where some have an unknown impact and other can potentially be exploited by malicious people to compromise a vulnerable system. 1) An unspecified error exists, which can lead to cross-origin video theft with canvas. 2) An unspecified error can be exploited to cause a crash with HTML5 databases. 3) An unspecified error can be exploited to cause excessive file dialogs, potentially leading to a crash. 4) A use-after-free error in the history handling can be exploited to corrupt memory. 5) An unspecified error related to HTTP proxy authentication can be exploited to cause a crash. 6) An unspecified error in WebM video support can be exploited to trigger an out-of-bounds read. 7) An error related to incorrect indexing with malformed video data can be exploited to cause a crash. 8) An unspecified error in the handling of privileged extensions can be exploited to corrupt memory. 9) An use-after-free error in the handling of SVG animations can be exploited to corrupt memory. 10) A use-after-free error in the mouse dragging event handling can be exploited to corrupt memory. 11) A double-free error in the XPath handling can be exploited to corrupt memory. SOLUTION: Fixed in version 8.0.552.215. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR) 2) Google Chrome Security Team (Inferno) 3) Cezary Tomczak (gosu.pl) 4) Stefan Troger 5) Mohammed Bouhlel 6) Google Chrome Security Team (Chris Evans) 7) miaubiz 8, 10) kuzzcc 9) Sławomir Błażek 11) Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 3 18:45:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 4 Dec 2010 03:45:44 +0100 Subject: [SEC] [SA42442] Digitalus CMS File Upload Security Issue Message-ID: <201012040245.oB42jiRp017433@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Digitalus CMS File Upload Security Issue SECUNIA ADVISORY ID: SA42442 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42442/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42442 RELEASE DATE: 2010-12-04 DISCUSS ADVISORY: http://secunia.com/advisories/42442/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42442/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42442 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in Digitalus CMS, which can be exploited by malicious people to bypass certain security restrictions. Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g. upload files of certain types. The security issue is confirmed in version 1.8.1. Other versions may also be affected. SOLUTION: Restrict access to the scripts/fckeditor/editor/filemanager/connectors/ directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: eidelweiss ORIGINAL ADVISORY: eidelweiss: http://eidelweiss-advisories.blogspot.com/2010/12/digitalus-1100-alpha2-arbitrary-file.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 10:30:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 6 Dec 2010 19:30:33 +0100 Subject: [SEC] [SA42524] Google Earth Insecure Library Loading Vulnerability Message-ID: <201012061830.oB6IUXwX015434@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Google Earth Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42524 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42524/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42524 RELEASE DATE: 2010-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/42524/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42524/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42524 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Google Earth, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll and quserex.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a KMZ file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.1.3533.1731. Other versions may also be affected. SOLUTION: Upgrade to version 6.0. PROVIDED AND/OR DISCOVERED BY: Taeho Kwon and Zhendong Su ORIGINAL ADVISORY: http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 11:29:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 6 Dec 2010 20:29:59 +0100 Subject: [SEC] [SA42526] Adobe Pixel Bender Toolkit Insecure Library Loading Vulnerability Message-ID: <201012061929.oB6JTxJn005786@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Pixel Bender Toolkit Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42526 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42526/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42526 RELEASE DATE: 2010-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/42526/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42526/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42526 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Pixel Bender Toolkit, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application bundling a vulnerable version of the Intel TBB library, which loads libraries (e.g. tbbmalloc.dll) in an insecure manner and due to the "sniffer_gpu.exe" utility loading libraries (e.g. d3d10.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PBK file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. For more information: SA42506 The vulnerability is confirmed in version 2.1.432154. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported in an exploit module for CORE IMPACT, Core Security Technologies. Additional information provided by Secunia Research. ORIGINAL ADVISORY: http://www.coresecurity.com/content/adobe-pixel-bender-toolkit-tbbmalloc-dll-hijacking-exploit-10-5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 12:30:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 6 Dec 2010 21:30:14 +0100 Subject: [SEC] [SA42509] Atlassian JIRA Cross-Site Scripting Vulnerabilities Message-ID: <201012062030.oB6KUEUg028562@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Atlassian JIRA Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42509 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42509/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42509 RELEASE DATE: 2010-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/42509/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42509/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42509 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed via URL query strings is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in all versions prior to 4.2.1. SOLUTION: Update to version 4.2.1 and later. Patches for versions 3.13.5, 4.0.2, 4.1.2, or 4.2.1 are available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2010-12-06#JIRASecurityAdvisory2010-12-06-XSSVulnerabilitiesinURLQueryStrings OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 13:30:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 6 Dec 2010 22:30:10 +0100 Subject: [SEC] [SA42456] VideoCharge Studio ".vcs" Processing Buffer Overflow Vulnerability Message-ID: <201012062130.oB6LUAiP018947@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VideoCharge Studio ".vcs" Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42456 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42456/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42456 RELEASE DATE: 2010-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/42456/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42456/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42456 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: xsploitedsec has discovered a vulnerability in VideoCharge Studio, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the parsing of ".vcs" files. This can be exploited to cause a stack-based buffer overflow via a specially crafted ".vcs" file with an overly-long "Name" value in the "Value" tag. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.9.5.643. Other versions may also be affected. SOLUTION: Do not open ".vcs" files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: xsploitedsec ORIGINAL ADVISORY: http://x-sploited.com/2010/12/05/video-charge-studio-2/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 14:24:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 6 Dec 2010 23:24:15 +0100 Subject: [SEC] [SA42465] Freefloat FTP Server Reply Buffer Overflow Vulnerability Message-ID: <201012062224.oB6MOFf1009048@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Freefloat FTP Server Reply Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42465 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42465/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42465 RELEASE DATE: 2010-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/42465/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42465/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42465 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Freefloat FTP Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when sending overly long replies, which can be exploited to cause a stack-based buffer overflow by e.g. sending a "USER" command with an overly long username parameter or sending an overly long unknown command. The vulnerability is confirmed in the x86 version for Windows downloaded on 2010-12-06. Other versions may also be affected. SOLUTION: Use a firewall to restrict access to trusted computers. PROVIDED AND/OR DISCOVERED BY: 0v3r ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15689/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 14:45:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 6 Dec 2010 23:45:01 +0100 Subject: [SEC] [SA42394] Fedora update for kernel Message-ID: <201012062245.oB6Mj1ZV030063@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA42394 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42394/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42394 RELEASE DATE: 2010-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/42394/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42394/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42394 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kernel. This fixes one vulnerability and some weaknesses, which can be exploited by malicious, local users to disclose potentially sensitive information and bypass certain security restrictions. For more information: SA41440 SA42061 SA42126 SOLUTION: Apply updated packages using the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2010-18493: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051853.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 15:17:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 00:17:56 +0100 Subject: [SEC] [SA42515] Rae Media Inc Real Estate Single / Multi Agent Listing System SQL Injection Message-ID: <201012062317.oB6NHuFD019320@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Rae Media Inc Real Estate Single / Multi Agent Listing System SQL Injection SECUNIA ADVISORY ID: SA42515 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42515/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42515 RELEASE DATE: 2010-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/42515/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42515/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42515 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Rae Media Inc Real Estate Single / Multi Agent Listing System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "probe" parameter to resulttype.asp and city.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: R4dc0re ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/96389/raemediaincresmas-sql.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 15:47:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 00:47:19 +0100 Subject: [SEC] [SA42462] Pulse CMS "p" Local File Inclusion Vulnerability Message-ID: <201012062347.oB6NlJ4v008311@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pulse CMS "p" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42462 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42462/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42462 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42462/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42462/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42462 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mark Stanislav has reported a vulnerability in Pulse CMS, which can be exploited by malicious people to disclose potentially sensitive information. Input passed via the "p" parameter to e.g. index.php is not properly sanitised before being used. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerability is reported in version 1.2.8. Prior versions may also be affected. SOLUTION: Update to version 1.2.9. PROVIDED AND/OR DISCOVERED BY: Mark Stanislav ORIGINAL ADVISORY: Pulse CMS: http://pulsecms.com/release-notes.php Mark Stanislav: http://www.uncompiled.com/2010/12/pulse-cms-basic-local-file-inclusion-vulnerability-cve-2010-4330/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 16:13:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 01:13:07 +0100 Subject: [SEC] [SA42466] Ecommercemax Solutions Digital-goods seller (DGS) "d" SQL Injection Vulnerability Message-ID: <201012070013.oB70D7tK029565@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ecommercemax Solutions Digital-goods seller (DGS) "d" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42466 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42466/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42466 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42466/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42466/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42466 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ecommercemax Solutions Digital-goods seller (DGS), which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "d" parameter to shoppingcart.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: R4dc0re OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 16:46:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 01:46:58 +0100 Subject: [SEC] [SA42508] Perl IO::Socket::SSL "verify_mode" Security Bypass Security Issue Message-ID: <201012070046.oB70kwRj018761@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Perl IO::Socket::SSL "verify_mode" Security Bypass Security Issue SECUNIA ADVISORY ID: SA42508 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42508/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42508 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42508/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42508/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42508 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Perl IO::Socket::SSL, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to IO::Socket::SSL silently falling back to the "VERIFY_NONE" verification mode if another verification mode is defined but no valid ca_file or ca_path is provided. This can be exploited to e.g. bypass the expected verification mode and conduct spoofing attacks. The security issue is reported in versions prior to 1.35. SOLUTION: Update to version 1.35. PROVIDED AND/OR DISCOVERED BY: Daniel Kahn Gillmor ORIGINAL ADVISORY: IO::Socket::SSL changelog: http://cpansearch.perl.org/src/SULLR/IO-Socket-SSL-1.35/Changes Debian Bug #606058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 17:14:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 02:14:44 +0100 Subject: [SEC] [SA42495] WaveMax Sound Editor Insecure Library Loading Vulnerability Message-ID: <201012070114.oB71Ei60007687@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WaveMax Sound Editor Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42495 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42495/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42495 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42495/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42495/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42495 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in WaveMax Sound Editor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wnaspi32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a WAV or CDA file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Edit with WaveMax" menu. The vulnerability is confirmed in version 4.5.1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 17:44:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 02:44:46 +0100 Subject: [SEC] [SA42440] Contenido "idart" Cross-Site Scripting Vulnerability Message-ID: <201012070144.oB71ikp3029114@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Contenido "idart" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42440 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42440/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42440 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42440/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42440/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42440 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Contenido, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "idart" parameter to cms/front_content.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a logged-in user's browser session in context of an affected site. The vulnerability is confirmed in version 4.8.12. Other versions may also be affected. SOLUTION: Update to version 4.8.14. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22636: http://www.htbridge.ch/advisory/xss_vulnerability_in_contenido_cms_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 18:09:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 03:09:58 +0100 Subject: [SEC] [SA42490] Linksys WRT54G2 / BEFSR41 Cross-Site Request Forgery Vulnerability Message-ID: <201012070209.oB729w9J017927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linksys WRT54G2 / BEFSR41 Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42490 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42490/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42490 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42490/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42490/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42490 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Linksys WRT54G2 and BEFSR41 routers, which can be exploited by malicious people to conduct cross-site request forgery attacks. For more information see vulnerability #2: SA21372 The vulnerability is reported in the following products: * Linksys WRT54G2 firmware version 1.50. * Linksys BEFSR41 firmware version 1.06.01. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Martin Barbella ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0027.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 18:24:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 03:24:07 +0100 Subject: [SEC] [SA42525] Adobe Device Central Insecure Library Loading Vulnerability Message-ID: <201012070224.oB72O7gS006233@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Device Central Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42525 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42525/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42525 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42525/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42525/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42525 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Device Central, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. ibfs32.dll and amt_cdb.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a ADCP file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.0.0 (0476). Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported in an exploit module for CORE IMPACT, Core Security Technologies. ORIGINAL ADVISORY: http://www.coresecurity.com/content/adobe-device-central-cs4-ibfs32-dll-hijacking-exploit-10-5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 18:45:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 03:45:31 +0100 Subject: [SEC] [SA41348] WebEx Meeting Manager WebexUCFObject ActiveX Control Insecure Library Loading Message-ID: <201012070245.oB72jV4I027259@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WebEx Meeting Manager WebexUCFObject ActiveX Control Insecure Library Loading SECUNIA ADVISORY ID: SA41348 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41348/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41348 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/41348/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41348/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41348 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parvez Anwar has discovered a vulnerability in the WebEx Meeting Manager WebexUCFObject ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the WebexUCFObject ActiveX control (atucfobj.dll) loading libraries (e.g. wbxtrace.dll) in an insecure manner. This can be exploited to load arbitrary libraries by e.g. embedding the ActiveX control into a Microsoft Word document and tricking a user into opening the document from a remote WebDAV or SMB share. The vulnerability is confirmed in atucfobj.dll version 20.2009.2706.1025 included in the WebEx Meeting Manager ActiveX package. Other versions may also be affected. SOLUTION: The vendor has planned the rollout of an updated version for December 4th, 2010. Please contact the vendor for additional details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 19:14:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 04:14:18 +0100 Subject: [SEC] [SA42488] Techno Dreams Cars Ads Package "key" SQL Injection Vulnerability Message-ID: <201012070314.oB73EIvl016746@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Techno Dreams Cars Ads Package "key" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42488 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42488/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42488 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42488/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42488/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42488 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Techno Dreams Cars Ads Package, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "key" parameter to processview.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 2.0. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: R4dc0re OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 19:44:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 04:44:04 +0100 Subject: [SEC] [SA42511] phpRechnung Multiple Unspecified Vulnerabilities Message-ID: <201012070344.oB73i4HM005751@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: phpRechnung Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA42511 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42511/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42511 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42511/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42511/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42511 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in phpRechnung, which have unknown impacts. The vulnerabilities are caused due to unspecified errors, which can be exploited to e.g. gain unauthenticated access. The vulnerabilities are reported in versions prior to 1.6. Other versions may also be affected. SOLUTION: Update to version 1.6. PROVIDED AND/OR DISCOVERED BY: The vendor credits Brendan Coles. ORIGINAL ADVISORY: http://www.loenshotel.de/phpRechnung/ChangeLog.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 20:09:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 05:09:08 +0100 Subject: [SEC] [SA42484] eSyndiCat Directory Software "title" Cross-Site Scripting Vulnerabilities Message-ID: <201012070409.oB7498Ek026961@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: eSyndiCat Directory Software "title" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42484 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42484/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42484 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42484/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42484/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42484 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in eSyndiCat Directory Software, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "title" POST parameter to suggest-category.php and suggest-listing.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 2.3. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: d3v1l OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 6 20:22:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 05:22:57 +0100 Subject: [SEC] [SA42506] Intel Threading Building Blocks (TBB) Insecure Library Loading Vulnerability Message-ID: <201012070422.oB74Mv79015257@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Intel Threading Building Blocks (TBB) Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42506 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42506/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42506 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42506/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42506/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42506 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Intel Threading Building Blocks (TBB), which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the "tbb.dll" loading libraries (e.g. tbbmalloc.dll) in an insecure manner. This can be exploited to load arbitrary libraries when an application using this library e.g. opens a file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.2.013. Other versions may also be affected. SOLUTION: Upgrade to version 3.0.4.127. PROVIDED AND/OR DISCOVERED BY: Originally reported in a CORE IMPACT exploit module for Adobe Pixel Bender Toolkit by Core Security Technologies. Additional information provided by Secunia Research. ORIGINAL ADVISORY: http://www.coresecurity.com/content/adobe-pixel-bender-toolkit-tbbmalloc-dll-hijacking-exploit-10-5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 10:29:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 19:29:58 +0100 Subject: [SEC] [SA42531] VMware ESX Console OS (COS) Update for samba Message-ID: <201012071829.oB7ITwip008678@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESX Console OS (COS) Update for samba SECUNIA ADVISORY ID: SA42531 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42531/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42531 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42531/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42531/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42531 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has issued an update for the Console OS (COS) samba packages. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA41354 SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2010-0019: http://lists.vmware.com/pipermail/security-announce/2010/000113.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 11:29:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 20:29:55 +0100 Subject: [SEC] [SA42529] VMware ESX Console OS (COS) Update for bzip2 Message-ID: <201012071929.oB7JTtVF031439@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESX Console OS (COS) Update for bzip2 SECUNIA ADVISORY ID: SA42529 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42529/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42529 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42529/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42529/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42529 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has issued an update for the Console OS (COS) bzip2 packages. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA41452 SOLUTION: Apply patches if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2010-0019: http://lists.vmware.com/pipermail/security-announce/2010/000113.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 12:29:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 21:29:54 +0100 Subject: [SEC] [SA42501] S-Banking / S-Finanzstatus Certificate Verification Security Issue Message-ID: <201012072029.oB7KTs9X021818@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: S-Banking / S-Finanzstatus Certificate Verification Security Issue SECUNIA ADVISORY ID: SA42501 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42501/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42501 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42501/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42501/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42501 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in S-Banking and S-Finanzstatus, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to the application not properly verifying the server certificate of the bank's server. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information. The vulnerability is reported in versions prior to 1.6.3 for the iPhone / iPod touch and prior to 1.5.3 for the iPad. SOLUTION: Update to version 1.6.3 for the iPhone or 1.5.3 for the iPad. PROVIDED AND/OR DISCOVERED BY: heise.de ORIGINAL ADVISORY: iTunes: http://itunes.apple.com/de/app/s-banking-mobile-banking-mit/id320596872?mt=8 http://itunes.apple.com/de/app/s-finanzstatus-mobile-banking/id320599923?mt=8 Heise.de: http://www.heise.de/security/meldung/iPhone-Banking-mit-gravierenden-Luecken-1147040.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 13:29:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 22:29:50 +0100 Subject: [SEC] [SA42391] LightNEasy "page" and "id" SQL Injection Vulnerabilities Message-ID: <201012072129.oB7LToD6012185@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LightNEasy "page" and "id" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42391 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42391/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42391 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42391/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42391/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42391 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered some vulnerabilities in LightNEasy, which can be exploited by malicious users and malicious people to conduct SQL injection attacks. 1) Input passed via the "page" parameter to LightNEasy.php is not properly sanitised before being used in SQL queries, if it contains a URL-encoded NULL byte. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 2) Input passed via the "id" parameter to LightNEasy.php (when "do" is set to "users" and "action" is set to "edituser") is not properly sanitised before being used in SQL queries, if it contains a URL-encoded NULL byte. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires access to the administrative interface and that "magic_quotes_gpc" is disabled. NOTE: The vulnerabilities can further be exploited to conduct cross-site scripting attacks via SQL error messages. The vulnerabilities are confirmed in version 3.2.1. Other versions may also be affected. SOLUTION: Update to version 3.2.2. PROVIDED AND/OR DISCOVERED BY: Russ McRee, via Secunia. Additional information provided by Secunia Research. ORIGINAL ADVISORY: LightNEasy: http://www.lightneasy.org/punbb/viewtopic.php?id=1207 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 14:23:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 23:23:43 +0100 Subject: [SEC] [SA42425] D-Link DIR Routers "bsc_lan.php" Security Issue Message-ID: <201012072223.oB7MNhJt002223@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: D-Link DIR Routers "bsc_lan.php" Security Issue SECUNIA ADVISORY ID: SA42425 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42425/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42425 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42425/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42425/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42425 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Craig Heffner has reported a security issue in multiple D-Link DIR routers, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable device. The security issue is caused due to the device not properly restricting access to the "bsc_lan.php" script. This can be exploited to access the administrative interface by setting the "NO_NEED_AUTH" parameter to "1" and "AUTH_GROUP" parameter to "0" in web requests. This may be related to vulnerability #5: SA33692 SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Craig Heffner ORIGINAL ADVISORY: http://www.devttys0.com/wp-content/uploads/2010/12/dlink_php_vulnerability.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 14:44:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 7 Dec 2010 23:44:41 +0100 Subject: [SEC] [SA42530] VMware ESX Console OS (COS) bzip2 Integer Overflow Vulnerability Message-ID: <201012072244.oB7MifYf023295@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESX Console OS (COS) bzip2 Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA42530 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42530/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42530 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42530/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42530/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42530 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has acknowledged a vulnerability in the bzip2 Console OS (COS) packages, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an integer overflow in the "BZ2_decompress()" function in decompress.c. For more information: SA41452 The vulnerability is reported in VMware ESX Server 4.0 and 4.1. SOLUTION: Patches are currently pending. ORIGINAL ADVISORY: VMSA-2010-0019: http://lists.vmware.com/pipermail/security-announce/2010/000113.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 15:16:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 00:16:48 +0100 Subject: [SEC] [SA42467] VMware ESX Console OS (COS) Update for openssl Message-ID: <201012072316.oB7NGmsf012503@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESX Console OS (COS) Update for openssl SECUNIA ADVISORY ID: SA42467 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42467/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42467 RELEASE DATE: 2010-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/42467/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42467/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42467 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: VMware has issued an update for the Console OS (COS) openssl packages. This fixes some vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA34411 SA37291 SOLUTION: Apply patch if available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: VMSA-2010-0019: http://lists.vmware.com/pipermail/security-announce/2010/000113.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 15:47:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 00:47:33 +0100 Subject: [SEC] [SA42468] PHP Easy Forum (phpKF) Cross-Site Request Forgery Vulnerability Message-ID: <201012072347.oB7NlXKG001494@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PHP Easy Forum (phpKF) Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42468 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42468/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42468 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42468/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42468/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42468 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PHP Easy Forum (phpKF), which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change a user's profile by tricking the logged in user into visiting a malicious web site. The vulnerability is confirmed in version 1.80. Other versions may also be affected. SOLUTION: Do not browse untrusted websites while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: FreWaL ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15685/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 16:13:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 01:13:08 +0100 Subject: [SEC] [SA42483] MODx Cross-Site Scripting Vulnerability Message-ID: <201012080013.oB80D8dr022783@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MODx Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42483 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42483/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42483 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42483/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42483/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42483 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MODx, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "email" and "username" POST parameters to manager/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.0.4-pl2. Other versions may also be affected. SOLUTION: Fixed in the git repository. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab ORIGINAL ADVISORY: MODx http://bugs.modx.com/issues/2918 ZSL-2010-4982: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4982.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 16:48:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 01:48:08 +0100 Subject: [SEC] [SA42433] WordPress Comment Rating Plugin Cross-Site Request Forgery Vulnerability Message-ID: <201012080048.oB80m8rL012037@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Comment Rating Plugin Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42433 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42433/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42433 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42433/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42433/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42433 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Comment Rating plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking an administrative user into visiting a malicious web site. The vulnerability is reported in versions prior to 2.9.21. SOLUTION: Update to version 2.9.21. PROVIDED AND/OR DISCOVERED BY: The vendor credits krebsonsecurity.com. ORIGINAL ADVISORY: http://wordpress.org/extend/plugins/comment-rating/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 17:17:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 02:17:51 +0100 Subject: [SEC] [SA42496] NorduGrid Advanced Resource Connector LD_LIBRARY_PATH Security Issue Message-ID: <201012080117.oB81Hpqd000986@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NorduGrid Advanced Resource Connector LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA42496 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42496/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42496 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42496/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42496/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42496 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in NorduGrid Advanced Resource Connector (ARC), which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to certain scripts incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the scripts in a directory containing a malicious library. SOLUTION: Update to version 0.8.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.nordugrid.org/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 17:44:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 02:44:32 +0100 Subject: [SEC] [SA42469] Slackware update for openssl Message-ID: <201012080144.oB81iWvO022313@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Slackware update for openssl SECUNIA ADVISORY ID: SA42469 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42469/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42469 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42469/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42469/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42469 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2010-340-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.668471 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 18:10:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 03:10:26 +0100 Subject: [SEC] [SA42487] XOOPS xNews Module Cross-Site Scripting Vulnerabilities Message-ID: <201012080210.oB82AQAR011149@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: XOOPS xNews Module Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42487 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42487/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42487 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42487/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42487/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42487 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in the xNews module for XOOPS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed e.g. via the URL to modules/xnews/article.php (when "storyid" is set to a valid value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that the "Use enhanced page navigator" option is set and that "storyid" is set to a news article making use of this functionality. This is related to: SA42349 The vulnerabilities are confirmed in version 1.71RC. Other versions may also be affected. SOLUTION: Update to version 1.71 Final. PROVIDED AND/OR DISCOVERED BY: Stefano Angaran, reported via Secunia. ORIGINAL ADVISORY: xNews: http://www.2rcnova.net/news.articles.12/xNews-171-Final.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 18:25:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 03:25:44 +0100 Subject: [SEC] [SA42475] Winamp MIDI Plugin Unspecified Vulnerability Message-ID: <201012080225.oB82Pijp031902@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Winamp MIDI Plugin Unspecified Vulnerability SECUNIA ADVISORY ID: SA42475 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42475/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42475 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42475/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42475/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42475 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in Winamp. The vulnerability is caused due to an unspecified error in the "in_midi.dll" plugin. No further information is currently available. The vulnerability is reported in versions prior to 5.601. SOLUTION: Update to version 5.601. PROVIDED AND/OR DISCOVERED BY: The vendor credits Morten, kryptoslogic. ORIGINAL ADVISORY: http://forums.winamp.com/showthread.php?s=&threadid=159785 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 18:45:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 03:45:48 +0100 Subject: [SEC] [SA42478] DotNetNuke "__VIEWSTATE" Cross-Site Scripting Vulnerability Message-ID: <201012080245.oB82jmAf020479@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DotNetNuke "__VIEWSTATE" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42478 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42478/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42478 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42478/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42478/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42478 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in DotNetNuke, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "__VIEWSTATE" parameter in Install/InstallWizard.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 5.05.01 and confirmed in version 5.06.00 (Community Edition). Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Richard Brain, ProCheckUp Ltd ORIGINAL ADVISORY: PR10-19: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-19 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 19:18:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 04:18:20 +0100 Subject: [SEC] [SA42389] IceWarp Server Multiple Vulnerabilities Message-ID: <201012080318.oB83IKKa010099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IceWarp Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42389 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42389/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42389 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42389/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42389/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42389 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IceWarp Server, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks or to disclose potentially sensitive information. 1) Input passed via the "_c" to webmail/basic/index.html and via the "script" parameter to webmail/basic/minimizer/index.php is not properly sanitised before being used. This can be exploited to read arbitrary files on an affected system via directory traversal attacks. 2) Input passed via the "_dlg[captcha][controller]", "_dlg[captcha][action]", "_dlg[captcha][uid]", and "password" parameters to webmail/basic/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "username" parameter to admin/login.html is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Update to version 10.2.1. PROVIDED AND/OR DISCOVERED BY: Ron Ott and Mike Schneider, GO OUT Production GmbH and Thomas Wittmann, Wittmann Security Consulting ORIGINAL ADVISORY: http://www.icewarp.com/company/news/#40 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 19:46:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 04:46:20 +0100 Subject: [SEC] [SA42463] Aigaion "ID" SQL Injection Vulnerability Message-ID: <201012080346.oB83kKaD031435@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Aigaion "ID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42463 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42463/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42463 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42463/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42463/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42463 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Aigaion, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "ID" parameter to indexlight.php (when "page" is set to "export", "type" is set to "single", and "format" is set to "RIS") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.3.4. Other versions may also be affected. SOLUTION: Upgrade to version 2.2. PROVIDED AND/OR DISCOVERED BY: KnocKout OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 20:10:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 05:10:54 +0100 Subject: [SEC] [SA42446] Red Hat update for quagga Message-ID: <201012080410.oB84AsON020211@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for quagga SECUNIA ADVISORY ID: SA42446 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42446/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42446 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42446/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42446/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42446 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for quagga. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA41038 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0945-1: https://rhn.redhat.com/errata/RHSA-2010-0945.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 20:44:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 05:44:44 +0100 Subject: [SEC] [SA42499] HP-UX Threaded Processes Denial of Service Vulnerability Message-ID: <201012080444.oB84iit1009401@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP-UX Threaded Processes Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42499 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42499/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42499 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42499/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42499/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42499 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in HP-UX B.11.11, B.11.23, and B.11.31 running threaded processes. SOLUTION: Apply patches (please contact HP support). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBUX02611 SSRT090201: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02586517 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 7 21:09:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 06:09:33 +0100 Subject: [SEC] [SA42349] XOOPS News Module Cross-Site Scripting Vulnerabilities Message-ID: <201012080509.oB859XHq030581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: XOOPS News Module Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42349 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42349/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42349 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42349/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42349/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42349 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in the News module for XOOPS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed e.g. via the URL to modules/news/article.php (when "storyid" is set to a valid value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that the "Use enhanced page navigator" option is set and that "storyid" is set to a news article making use of this functionality. The vulnerabilities are confirmed in version 1.66. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Originally reported by Stefano Angaran in the xNews module for XOOPS. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 10:30:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 19:30:19 +0100 Subject: [SEC] [SA42493] Ubuntu update for openssl Message-ID: <201012081830.oB8IUJGm021917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openssl SECUNIA ADVISORY ID: SA42493 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42493/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42493 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42493/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42493/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42493 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1029-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-December/001210.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 11:30:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 20:30:24 +0100 Subject: [SEC] [SA42545] WordPress Processing Embed Plugin "pluginurl" Cross-Site Scripting Vulnerability Message-ID: <201012081930.oB8JUOst012294@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Processing Embed Plugin "pluginurl" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42545 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42545/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42545 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42545/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42545/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42545 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Processing Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "pluginurl" parameter to wp-content/plugins/wordpress-processing-embed/data/popup.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: John Leitch: http://www.johnleitch.net/Vulnerabilities/WordPress.Processing.Embed.0.5.Reflected.Cross-site.Scripting/65 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 12:30:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 21:30:17 +0100 Subject: [SEC] [SA42548] Altova Multiple Products Insecure Library Loading Vulnerability Message-ID: <201012082030.oB8KUHN9002615@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Altova Multiple Products Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42548 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42548/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42548 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42548/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42548/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42548 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in multiple Altova products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a DBDIF (DiffDog), QPRJ (DatabaseSpy), or MFD (MapForce) file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2011 Enterprise Edition SP1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Reported in an exploit module for CORE IMPACT, Core Security Technologies. ORIGINAL ADVISORY: http://www.coresecurity.com/content/altova-diffdog-2011-dwmapi-dll-hijacking-exploit-10-5 http://www.coresecurity.com/content/altova-databasespy-2011-dwmapi-dll-hijacking-exploit-10-5 http://www.coresecurity.com/content/altova-mapforce-2011-enterprise-edition-dwmapi-dll-hijacking-exploit-10-5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 13:30:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 22:30:16 +0100 Subject: [SEC] [SA42550] Avaya CMS Solaris Network File System "nfs_portmon" Tunable Vulnerability Message-ID: <201012082130.oB8LUGba025405@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Avaya CMS Solaris Network File System "nfs_portmon" Tunable Vulnerability SECUNIA ADVISORY ID: SA42550 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42550/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42550 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42550/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42550/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42550 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA35672 SOLUTION: Apply r15ab.j or r15auxab.j or later. ORIGINAL ADVISORY: ASA-2009-273: https://support.avaya.com/css/P8/documents/100058487 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 14:24:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 23:24:36 +0100 Subject: [SEC] [SA42540] Epson LP-S7100 / LP-S9000 Drivers Insecure Default Permissions Message-ID: <201012082224.oB8MOaJH015512@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Epson LP-S7100 / LP-S9000 Drivers Insecure Default Permissions SECUNIA ADVISORY ID: SA42540 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42540/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42540 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42540/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42540/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42540 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Epson LP-S7100 / LP-S9000 drivers, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to insecure default permissions ("Everyone" group with "Full Control") being set on "C:\Program Files" and its sub-folders. This can be exploited to overwrite arbitrary files in these folders. The security issue is reported in the following versions: * LP-S7100 32bit edition versions 4.1.0fi through 4.1.7fi * LP-S7100 64bit edition versions 4.1.0hi through 4.1.7hi * LP-S9000 32bit edition versions 4.1.0fc through 4.1.11fc * LP-S9000 64bit edition versions 4.1.0hc through 4.1.11hc SOLUTION: Update to a patched version and reset permissions. Please see the vendor's advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.epson.jp/support/misc/lps7100_9000/index.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 14:45:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 8 Dec 2010 23:45:22 +0100 Subject: [SEC] [SA42497] Ubuntu update for imagemagick Message-ID: <201012082245.oB8MjMtP004085@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for imagemagick SECUNIA ADVISORY ID: SA42497 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42497/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42497 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42497/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42497/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42497 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for imagemagick. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges. The weakness is caused due to ImageMagick looking for configuration files in the current directory, which can be exploited to execute arbitrary code with the privileges of another user by e.g. tricking the user into running ImageMagick in a directory containing malicious configuration files. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1028-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-December/001209.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 15:16:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 00:16:52 +0100 Subject: [SEC] [SA42498] Ubuntu update for quagga Message-ID: <201012082316.oB8NGqiN025693@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for quagga SECUNIA ADVISORY ID: SA42498 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42498/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42498 RELEASE DATE: 2010-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/42498/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42498/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42498 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for quagga. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA41038 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1027-1: http://www.ubuntu.com/usn/usn-1027-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 15:47:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 00:47:48 +0100 Subject: [SEC] [SA42552] Exponent CMS "module" Local File Inclusion Vulnerabilities Message-ID: <201012082347.oB8Nlm16014744@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Exponent CMS "module" Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA42552 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42552/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42552 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42552/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42552/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42552 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in Exponent CMS, which can be exploited by malicious people to disclose sensitive information. Input passed via the "module" parameter to podcast.php and rss.php is not properly verified before being used to include files. This can be exploited to include arbitrary file from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 2.0.0pr2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22717: http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html HTB22718: http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 16:13:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 01:13:08 +0100 Subject: [SEC] [SA42547] GNU C Library "regcomp()" Stack Overflow Denial of Service Message-ID: <201012090013.oB90D88s003542@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GNU C Library "regcomp()" Stack Overflow Denial of Service SECUNIA ADVISORY ID: SA42547 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42547/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42547 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42547/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42547/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42547 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the GNU C Library, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a stack overflow within the implementation of the "regcomp()" function when processing certain regular expressions, which can be exploited to cause a crash in an application using this function on specially crafted regular expressions. The vulnerability is confirmed in version 2.12.1. Other versions may also be affected. SOLUTION: Do not use the "regcomp()" function on untrusted input. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Maksymilian Arciemowicz. ORIGINAL ADVISORY: US-CERT VU#912279: http://www.kb.cert.org/vuls/id/912279 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 16:47:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 01:47:39 +0100 Subject: [SEC] [SA42537] Red Hat update for apr-util Message-ID: <201012090047.oB90ldHl025161@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for apr-util SECUNIA ADVISORY ID: SA42537 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42537/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42537 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42537/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42537/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42537 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41701 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0950-1: https://rhn.redhat.com/errata/RHSA-2010-0950.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 17:14:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 02:14:19 +0100 Subject: [SEC] [SA42544] WordPress Safe Search Plugin "v1" Cross-Site Scripting Vulnerability Message-ID: <201012090114.oB91EJNV014036@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Safe Search Plugin "v1" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42544 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42544/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42544 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42544/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42544/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42544 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Safe Search plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "v1" parameter to wp-content/plugins/wp-safe-search/wp-safe-search-jx.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: John Leitch: http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 17:45:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 02:45:22 +0100 Subject: [SEC] [SA42521] bareFTP LD_LIBRARY_PATH Security Issue Message-ID: <201012090145.oB91jM4I003073@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: bareFTP LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA42521 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42521/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42521 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42521/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42521/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42521 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in bareFTP, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the "bareftp" script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. SOLUTION: Update to version 0.3.6. PROVIDED AND/OR DISCOVERED BY: Raphael Geissert ORIGINAL ADVISORY: bareFTP: http://gitorious.org/bareftp/bareftp/blobs/15489abdb4c698cf832e95184bfe769a1ba70238/ChangeLog Raphael Geissert: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598284 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 18:10:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 03:10:47 +0100 Subject: [SEC] [SA42522] Fedora update for bind Message-ID: <201012090210.oB92AlfH024305@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for bind SECUNIA ADVISORY ID: SA42522 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42522/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42522 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42522/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42522/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42522 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bind. This fixes a weakness and a vulnerability, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA42374 SA42435 SOLUTION: Apply updated packages via the yum utility ("yum update bind bind-dyndb-ldap dnsperf"). ORIGINAL ADVISORY: FEDORA-2010-18521: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051910.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051911.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051914.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 18:45:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 03:45:06 +0100 Subject: [SEC] [SA42538] Fedora update for bareftp Message-ID: <201012090245.oB92j6E2013513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for bareftp SECUNIA ADVISORY ID: SA42538 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42538/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42538 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42538/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42538/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42538 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bareftp. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA42521 SOLUTION: Apply updated packages via the yum utility ("yum update bareftp"). ORIGINAL ADVISORY: FEDORA-2010-18310: https://admin.fedoraproject.org/updates/bareftp-0.3.7-1.fc14 FEDORA-2010-18323: https://admin.fedoraproject.org/updates/bareftp-0.3.7-1.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 19:13:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 04:13:58 +0100 Subject: [SEC] [SA42523] Fedora update for clamav Message-ID: <201012090313.oB93Dw0R002934@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for clamav SECUNIA ADVISORY ID: SA42523 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42523/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42523 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42523/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42523/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42523 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for clamav. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42426 SOLUTION: Apply updated packages using the yum utility ("yum update clamav"). ORIGINAL ADVISORY: FEDORA-2010-18568: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051905.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 19:44:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 04:44:14 +0100 Subject: [SEC] [SA42489] Babylon Insecure Library Loading Vulnerability Message-ID: <201012090344.oB93iElu024374@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Babylon Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42489 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42489/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42489 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42489/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42489/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42489 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Locu has discovered a vulnerability in Babylon, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. BESExtension.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a BGL file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 8.1.0 r16. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Locu ORIGINAL ADVISORY: http://xlocux.wordpress.com/2010/11/22/babylon-pro-8-xx-dll-hijacking/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 20:09:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 05:09:04 +0100 Subject: [SEC] [SA42513] Fedora update for kernel Message-ID: <201012090409.oB9494Lv013165@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA42513 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42513/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42513 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42513/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42513/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42513 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kernel. This fixes one vulnerability and some weaknesses, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions. For more information: SA41263 SA41440 SA42061 SA42126 SOLUTION: Apply updated packages using the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2010-18506: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051902.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 20:23:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 05:23:13 +0100 Subject: [SEC] [SA42520] WWWThreads "act" Cross-Site Scripting Vulnerability Message-ID: <201012090423.oB94ND0j001403@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WWWThreads "act" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42520 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42520/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42520 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42520/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42520/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42520 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in WWWThreads, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "act" parameter to play.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in the version downloaded on 2010-12-08. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu, eVuln ORIGINAL ADVISORY: EV0155: http://evuln.com/vulns/155/description.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 20:44:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 05:44:12 +0100 Subject: [SEC] [SA42500] Ubuntu update for paste Message-ID: <201012090444.oB94iCJV022455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for paste SECUNIA ADVISORY ID: SA42500 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42500/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42500 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42500/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42500/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42500 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for paste. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA40408 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1026-1: http://www.ubuntu.com/usn/usn-1026-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 21:09:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 06:09:56 +0100 Subject: [SEC] [SA42539] Movable Type Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201012090509.oB959u9l011268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Movable Type Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42539 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42539/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42539 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42539/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42539/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42539 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported versions prior to 4.35 and 5.04. SOLUTION: Update to version 4.35 or 5.04. PROVIDED AND/OR DISCOVERED BY: Reported the vendor. ORIGINAL ADVISORY: http://www.movabletype.org/documentation/appendices/release-notes/movable-type-504-435-release-notes.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 8 21:23:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 06:23:21 +0100 Subject: [SEC] [SA42541] Injader Multiple SQL Injection Vulnerabilities Message-ID: <201012090523.oB95NLDZ031942@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Injader Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42541 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42541/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42541 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42541/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42541/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42541 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Injader, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "un" and "pw" parameters to login.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. NOTE: This can further be exploited to bypass the log-in mechanism. The vulnerabilities are confirmed in version 2.4.4. Other versions may also be affected. SOLUTION: Use another product. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: John Leitch: http://www.johnleitch.net/Vulnerabilities/Injader.2.4.4.SQL.Injection/69 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 10:30:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 19:30:02 +0100 Subject: [SEC] [SA39514] Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability Message-ID: <201012091830.oB9IU2Um022624@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Citrix Web Interface Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39514 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39514/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39514 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/39514/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39514/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39514 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix Web Interface, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 5.0, 5.1, and 5.3. SOLUTION: Update to version 5.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX127541 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 11:30:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 20:30:33 +0100 Subject: [SEC] [SA42474] Fedora update for bind Message-ID: <201012091930.oB9JUXg6013009@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for bind SECUNIA ADVISORY ID: SA42474 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42474/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42474 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42474/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42474/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42474 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bind. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and cause a DoS (Denial of Service). For more information: SA42374 SA42435 SA42458 SOLUTION: Apply updated packages using the yum utility ("yum update bind"). ORIGINAL ADVISORY: FEDORA-2010-18469: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051963.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 12:42:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 21:42:22 +0100 Subject: [SEC] [SA42554] Oracle Solaris Pidgin Multiple Denial of Service Weaknesses Message-ID: <201012092042.oB9KgMHS021136@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Pidgin Multiple Denial of Service Weaknesses SECUNIA ADVISORY ID: SA42554 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42554/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42554 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42554/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42554/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42554 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some weaknesses in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA39801 SA40699 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_2528_cve_2010 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 13:30:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 22:30:09 +0100 Subject: [SEC] [SA42534] Joomla! JXtended Comments Component Cross-Site Scripting Vulnerabilities Message-ID: <201012092130.oB9LU9Dk020115@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! JXtended Comments Component Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42534 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42534/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42534 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42534/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42534/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42534 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the JXtended Comments component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 1.3.1. SOLUTION: Update to version 1.3.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://jxtended.com/blog/releases/375-jxtended-comments-131-stable-released.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 14:24:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 23:24:41 +0100 Subject: [SEC] [SA42553] WordPress XML-RPC Remote Publishing Interface Security Issue Message-ID: <201012092224.oB9MOf2s010228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress XML-RPC Remote Publishing Interface Security Issue SECUNIA ADVISORY ID: SA42553 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42553/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42553 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42553/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42553/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42553 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in WordPress, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to the XML-RPC remote publishing interface not properly enforcing access control restrictions for editing, publishing, or deleting posts. Successful exploitation of this security issue requires "Author level" or "Contributor level" permissions and that remote publishing is enabled. The security issue is reported in versions prior to 3.0.3. SOLUTION: Update to version 3.0.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: WordPress: http://wordpress.org/news/2010/12/wordpress-3-0-3/ http://codex.wordpress.org/Version_3.0.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 14:45:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 9 Dec 2010 23:45:16 +0100 Subject: [SEC] [SA42514] HP-UX update for Apache Message-ID: <201012092245.oB9MjGWK031216@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP-UX update for Apache SECUNIA ADVISORY ID: SA42514 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42514/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42514 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42514/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42514/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42514 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for Apache in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users and malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service), and by malicious people to conduct cross-site scripting attacks. For more information: SA21172 SA27906 SA35261 SA35284 SA35691 SA35781 SA40206 The vulnerabilities are reported in HP-UX B.11.11, B.11.23, B.11.31 running Apache-based Web Server versions prior to 2.0.63.01. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02612 SSRT100345: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02579879 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 15:18:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 00:18:13 +0100 Subject: [SEC] [SA42563] SUSE Update for Multiple Packages Message-ID: <201012092318.oB9NIDv6020475@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA42563 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42563/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42563 RELEASE DATE: 2010-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/42563/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42563/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42563 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to bypass certain security restrictions, disclose system and potentially sensitive information, conduct spoofing attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA26480 SA37977 SA40165 SA41158 SA41706 SA41724 SA42175 SA42396 1) A security issue is caused due to OpenJDK allowing untrusted applications and applets to read system properties e.g. "user.name", "user.home", and "java.home". 2) An error within Epiphany when indicating the status of HTTPS connections can be exploited to e.g. conduct spoofing attacks. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:023: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 15:48:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 00:48:56 +0100 Subject: [SEC] [SA42542] WordPress Twitter Feed Plugin "url" Cross-Site Scripting Vulnerability Message-ID: <201012092348.oB9NmuQ4009515@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Twitter Feed Plugin "url" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42542 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42542/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42542 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42542/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42542/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42542 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Twitter Feed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "url" parameter to wp-content/plugins/wp-twitter-feed/magpie/scripts/magpie_debug.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.3.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: John Leitch: http://www.johnleitch.net/Vulnerabilities/WordPress.Twitter.Feed.0.3.1.Reflected.Cross-site.Scripting/68 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 16:17:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 01:17:32 +0100 Subject: [SEC] [SA42470] Red Hat update for kernel-rt Message-ID: <201012100017.oBA0HWid030879@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel-rt SECUNIA ADVISORY ID: SA42470 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42470/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42470 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42470/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42470/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42470 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel-rt. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious local users to disclose system and potentially sensitive information, gain escalated privileges, or cause a DoS (Denial of Service), and by malicious people to cause a DoS. For more information: SA41002 SA41263 SA41440 SA41493 SA41650 SA41693 SA42035 SA42061 SA42126 SA42172 SA42187 SA42225 SA42378 SA42394 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0958-1: https://rhn.redhat.com/errata/RHSA-2010-0958.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 16:47:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 01:47:39 +0100 Subject: [SEC] [SA42477] Fedora update for phpMyAdmin Message-ID: <201012100047.oBA0ld0X019886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for phpMyAdmin SECUNIA ADVISORY ID: SA42477 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42477/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42477 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42477/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42477/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42477 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpMyAdmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA42408 SOLUTION: Apply updated packages using the yum utility ("yum update phpMyAdmin"). ORIGINAL ADVISORY: FEDORA-2010-18371 http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051956.html FEDORA-2010-18343: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051942.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 17:13:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 02:13:42 +0100 Subject: [SEC] [SA39608] IBM WebSphere Commerce Outbound Messaging System Information Disclosure Message-ID: <201012100113.oBA1DgZq008730@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Commerce Outbound Messaging System Information Disclosure SECUNIA ADVISORY ID: SA39608 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39608/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39608 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/39608/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39608/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39608 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Commerce, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the outbound messaging system when accessing the "RunTimeProfileCacheCmdImpl" class and can be exploited to send messages to an unintended recipient. The vulnerability is reported in versions prior to 7.0 Fix Pack 2 (7.0.0.2). SOLUTION: Update to version 7.0 Fix Pack 2 (7.0.0.2) or apply APAR JR38114. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (JR38114): http://www-01.ibm.com/support/docview.wss?uid=swg24028397 http://www-01.ibm.com/support/docview.wss?uid=swg1JR38114 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 17:46:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 02:46:58 +0100 Subject: [SEC] [SA42551] Drupal Who Bought What|Ubercart Multiple Vulnerabilities Message-ID: <201012100146.oBA1kw5Y030288@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Who Bought What|Ubercart Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42551 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42551/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42551 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42551/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42551/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42551 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Who Bought What|Ubercart module for Drupal, which can be exploited by malicious users to conduct script insertion and SQL injection attacks or bypass certain security restrictions. 1) Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) An error in the handling of access permissions can be exploited to view the titles of otherwise restricted nodes. Successful exploitation of this vulnerability requires "view uc_who_bought_what" permissions. The vulnerabilities are reported in versions prior to 6.x-2.11. SOLUTION: Update to version 6.x-2.11. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1, 3) The vendor credits mr.baileys, Drupal.org Security Team. 2) The vendor credits Mark Styles. ORIGINAL ADVISORY: SA-CONTRIB-2010-108: http://drupal.org/node/992900 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 18:14:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 03:14:10 +0100 Subject: [SEC] [SA42455] phpRechnung Security Bypass Vulnerabilities Message-ID: <201012100214.oBA2EApt019175@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: phpRechnung Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA42455 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42455/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42455 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42455/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42455/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42455 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in phpRechnung, which can be exploited by malicious people to bypass certain security restrictions. The vulnerabilities are caused due to e.g. the "CheckUser()", "CheckAdmin()", and "CheckAdminGroup2()" functions in include/phprechnung.inc.php not properly restricting access to users or administrators, which can be exploited to e.g. access certain functionality without being properly authenticated. The vulnerabilities are reported in versions prior to 1.6.1. SOLUTION: Update to version 1.6.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.loenshotel.de/phpRechnung/ChangeLog.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 18:45:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 03:45:59 +0100 Subject: [SEC] [SA42562] SUSE update for acroread Message-ID: <201012100245.oBA2jxlD008278@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for acroread SECUNIA ADVISORY ID: SA42562 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42562/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42562 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42562/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42562/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42562 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for acroread. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42030 SA42095 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:058: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 9 19:15:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 04:15:54 +0100 Subject: [SEC] [SA42471] Fedora update for krb5 Message-ID: <201012100315.oBA3FsKN031321@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for krb5 SECUNIA ADVISORY ID: SA42471 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42471/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42471 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42471/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42471/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42471 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious users and malicious people to conduct spoofing attacks and bypass certain security features. For more information: SA42396 SOLUTION: Apply updated packages using the yum utility ("yum update krb5"). ORIGINAL ADVISORY: FEDORA-2010-18409: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/051976.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 10:30:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 19:30:13 +0100 Subject: [SEC] [SA42546] Helix Server Cross-Site Request Forgery Vulnerability Message-ID: <201012101830.oBAIUDNt012755@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Helix Server Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42546 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42546/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42546 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42546/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42546/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42546 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in Helix Server, which can be exploited by malicious people to conduct cross-site request forgery attacks. The web-based administration interface allows users to perform certain actions via HTTP requests without performing any validation checks to verify the requests. This can be exploited to e.g. add a user to a realm e.g. when a logged-in administrative user visits a specially crafted web site. Successful exploitation requires knowledge of the admin interface port and the Realm ID. The vulnerability is confirmed in version 14.0.1.571. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the web-based administration interface. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/Helix.Server.Cross-site.Request.Forgery/64 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 11:30:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 20:30:53 +0100 Subject: [SEC] [SA42518] Mozilla SeaMonkey Multiple Vulnerabilities Message-ID: <201012101930.oBAJUrJf003139@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mozilla SeaMonkey Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42518 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42518/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42518 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42518/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42518/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42518 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA42517 The weakness and the vulnerabilities are reported in versions prior to 2.0.11. SOLUTION: Update to version 2.0.11. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2010/mfsa2010-74.html http://www.mozilla.org/security/announce/2010/mfsa2010-75.html http://www.mozilla.org/security/announce/2010/mfsa2010-76.html http://www.mozilla.org/security/announce/2010/mfsa2010-77.html http://www.mozilla.org/security/announce/2010/mfsa2010-78.html http://www.mozilla.org/security/announce/2010/mfsa2010-79.html http://www.mozilla.org/security/announce/2010/mfsa2010-80.html http://www.mozilla.org/security/announce/2010/mfsa2010-81.html http://www.mozilla.org/security/announce/2010/mfsa2010-82.html http://www.mozilla.org/security/announce/2010/mfsa2010-83.html http://www.mozilla.org/security/announce/2010/mfsa2010-84.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-264/ http://www.zerodayinitiative.com/advisories/ZDI-10-265/ Michal Zalewski: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 12:30:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 21:30:21 +0100 Subject: [SEC] [SA42494] Drupal Media: Audio Flotsam Module Multiple Vulnerabilities Message-ID: <201012102030.oBAKULFo025885@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Media: Audio Flotsam Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42494 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42494/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42494 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42494/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42494/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42494 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in the Media: Audio Flotsam module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and to compromise a vulnerable system. This is related to: SA42549 The vulnerabilities are reported in versions prior to 6.x-1.1. SOLUTION: Update to version 6.x-1.1 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Stella Power (stella). ORIGINAL ADVISORY: SA-CONTRIB-2010-109: http://drupal.org/node/992924 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 13:30:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 22:30:23 +0100 Subject: [SEC] [SA42582] Oracle Solaris Adobe Flash Player Multiple Vulnerabilities Message-ID: <201012102130.oBALUNQV016261@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42582 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42582/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42582 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42582/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42582/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42582 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Adobe Flash Player in Solaris, which can be exploited by malicious people to conduct click-jacking attacks or compromise a user's system. For more information: SA40907 SA41434 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_2884_vulnerability_in http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_adobe_flash OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 14:25:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 23:25:03 +0100 Subject: [SEC] [SA42581] Oracle Solaris Thunderbird Multiple Vulnerabilities Message-ID: <201012102225.oBAMP3R3006391@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42581 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42581/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42581 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42581/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42581/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42581 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Mozilla Thunderbird included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions and compromise a user's system. For more information: SA37682 SA39240 SA39242 SA40642 SA41244 SA41304 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_mozilla_thunderbird OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 14:45:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 10 Dec 2010 23:45:07 +0100 Subject: [SEC] [SA42362] Drupal Media: Video Flotsam Module Multiple Vulnerabilities Message-ID: <201012102245.oBAMj7wW027344@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Media: Video Flotsam Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42362 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42362/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42362 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42362/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42362/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42362 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in the Media: Video Flotsam module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and to compromise a vulnerable system. This is related to: SA42549 The vulnerabilities are reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2 or later. PROVIDED AND/OR DISCOVERED BY: The vendor Stella Power (stella). ORIGINAL ADVISORY: SA-CONTRIB-2010-109: http://drupal.org/node/992924 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 15:21:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 00:21:30 +0100 Subject: [SEC] [SA42556] Ubuntu update for firefox and xulrunner Message-ID: <201012102321.oBANLUd3016758@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox and xulrunner SECUNIA ADVISORY ID: SA42556 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42556/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42556 RELEASE DATE: 2010-12-10 DISCUSS ADVISORY: http://secunia.com/advisories/42556/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42556/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42556 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for firefox and xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA42517 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1019-1: http://www.ubuntu.com/usn/usn-1019-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 15:48:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 00:48:03 +0100 Subject: [SEC] [SA42485] PhpMyAdmin "error.php" Spoofing Weakness Message-ID: <201012102348.oBANm3NW005596@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PhpMyAdmin "error.php" Spoofing Weakness SECUNIA ADVISORY ID: SA42485 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42485/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42485 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42485/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42485/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42485 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in phpMyAdmin, which can be exploited by malicious people to conduct spoofing attacks. Input passed via the "type" and "error" parameters to error.php is not properly verified before being used. This can be exploited to render limited HTML content in a user's browser session in context of an affected site and e.g. conduct spoofing attacks. The weakness is confirmed in version 3.3.8.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Emanuele "emgent" Gentili, Marco "white_sheep" Rondini, and Alessandro "scox" Scoscia OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 16:14:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 01:14:15 +0100 Subject: [SEC] [SA42549] Drupal Embedded Media Field Module Multiple Vulnerabilities Message-ID: <201012110014.oBB0EFrd026852@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Embedded Media Field Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42549 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42549/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42549 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42549/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42549/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42549 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in the Embedded Field module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and to compromise a vulnerable system. 1) Input passed via the audio or video path is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires that the site has a content type with an embedded media field allowing users to upload custom thumbnails and the user has access to create or edit the content type. 2) The security issue is caused due to improper validation of uploaded files' extensions. This can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. a ".phtml" file extension. Successful exploitation of this vulnerability requires that the site has a content type with an embedded media field that has the custom audio or video provider file enabled, and that the user has access to create or edit the content type. The vulnerabilities are reported in versions prior to 5.x-1.12, 6.x-1.26, and 6.x-2.4. SOLUTION: Update to version 5.x-1.12 or later, 6.x-1.26 or later, or 6.x-2.4 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Justin Klein Keane. ORIGINAL ADVISORY: SA-CONTRIB-2010-109: http://drupal.org/node/992924 Justin Klein Keane: http://www.madirish.net/?article=472 http://www.madirish.net/?article=473 http://www.madirish.net/?article=474 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 16:48:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 01:48:13 +0100 Subject: [SEC] [SA42517] Mozilla Firefox Multiple Vulnerabilities Message-ID: <201012110048.oBB0mDBD016053@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42517 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42517/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42517 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42517/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42517/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42517 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) Multiple errors in the browser engine can be exploited to corrupt memory and potentially execute arbitrary code. 2) An error when handling line breaks in overly long strings passed to "document.write()" can be exploited to read data from out-of-bounds memory location and potentially execute arbitrary code. 3) An error when opening a new window using "window.open()" can be exploited to execute arbitrary JavaScript code with chrome privileges via the "" element. 4) An error in the handling of "
" elements nested within "" elements in a XUL tree element can be exploited to corrupt memory and potentially execute arbitrary code. 5) An error in the Java LiveConnect script when loaded via a "data:" URL can be exploited to e.g. read arbitrary files, launch arbitrary processes, and establish arbitrary network connections. 6) A use-after-free error in the "NodeIterator API" when handling a "nsDOMAttribute" node can be exploited to corrupt memory and execute arbitrary code. 7) An integer overflow when creating arrays can be exploited to corrupt memory and potentially execute arbitrary code. 8) An error related to the XMLHttpRequestSpy object can be exploited to execute arbitrary JavaScript code. This is due to an incomplete fix for vulnerability #9 in: SA37242 9) An error exists in the handling of documents with no inherent origin associated. This can be exploited to bypass the same-origin policy and spoof the URL of a trusted site by tricking users into opening site which result in e.g. about:config or about:neterror pages. 10) An error exists in the rendering engine when handling certain Mac charset encodings. This can be exploited to potentially execute arbitrary JavaScript code in the context of the destination website. The weakness and the vulnerabilities are reported in versions prior to 3.6.13 and 3.5.16. SOLUTION: Update to version 3.6.13 or 3.5.16. PROVIDED AND/OR DISCOVERED BY: 6, 7) regenrecht, reported via ZDI 9) Michal Zalewski The vendor credits: 1) Jesee Ruderman, Andreas Gal, Nils, Brian Hackett, Igor Bukanov. 2) Dirk Heinrich 3) echo 4) wushi, team509 5) Gregory Fleischer 8) moz_bug_r_a4 10) Yosuke Hasegawa and Masatoshi Kimura ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2010/mfsa2010-74.html http://www.mozilla.org/security/announce/2010/mfsa2010-75.html http://www.mozilla.org/security/announce/2010/mfsa2010-76.html http://www.mozilla.org/security/announce/2010/mfsa2010-77.html http://www.mozilla.org/security/announce/2010/mfsa2010-78.html http://www.mozilla.org/security/announce/2010/mfsa2010-79.html http://www.mozilla.org/security/announce/2010/mfsa2010-80.html http://www.mozilla.org/security/announce/2010/mfsa2010-81.html http://www.mozilla.org/security/announce/2010/mfsa2010-82.html http://www.mozilla.org/security/announce/2010/mfsa2010-83.html http://www.mozilla.org/security/announce/2010/mfsa2010-84.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-264/ http://www.zerodayinitiative.com/advisories/ZDI-10-265/ Michal Zalewski: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0144.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 17:13:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 02:13:16 +0100 Subject: [SEC] [SA42543] Red Hat update for seamonkey Message-ID: <201012110113.oBB1DGoH004835@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for seamonkey SECUNIA ADVISORY ID: SA42543 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42543/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42543 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42543/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42543/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42543 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA42518 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0967-1: https://rhn.redhat.com/errata/RHSA-2010-0967.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 17:45:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 02:45:44 +0100 Subject: [SEC] [SA42557] Ubuntu update for thunderbird Message-ID: <201012110145.oBB1jiQE026366@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA42557 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42557/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42557 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42557/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42557/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42557 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42519 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1020-1: http://www.ubuntu.com/usn/usn-1020-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 18:10:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 03:10:42 +0100 Subject: [SEC] [SA42533] Red Hat update for firefox Message-ID: <201012110210.oBB2AgXn015167@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for firefox SECUNIA ADVISORY ID: SA42533 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42533/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42533 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42533/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42533/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42533 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for firefox. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA42517 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0966-1: https://rhn.redhat.com/errata/RHSA-2010-0966.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 18:46:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 03:46:10 +0100 Subject: [SEC] [SA42584] Sophos SafeGuard Products Credential Removal Security Bypass Message-ID: <201012110246.oBB2kAmV004398@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Sophos SafeGuard Products Credential Removal Security Bypass SECUNIA ADVISORY ID: SA42584 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42584/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42584 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42584/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42584/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42584 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the SafeGuard Enterprise Device Encryption, SafeGuard Easy Device Encryption Client, and Sophos Disk Encryption products, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the applications not properly removing outdated or invalidated credentials from the system, which can be exploited to access an endpoint computer by using outdated or invalidated credentials. The vulnerability is reported in the following products and versions: * SafeGuard Enterprise Device Encryption 5.x * SafeGuard Easy Device Encryption Client 5.50.x * Sophos Disk Encryption 5.50.x SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.sophos.com/support/knowledgebase/article/112655.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 19:16:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 04:16:01 +0100 Subject: [SEC] [SA42572] Joomla JE Messenger Component Arbitrary File Upload Security Issue Message-ID: <201012110316.oBB3G12J026308@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla JE Messenger Component Arbitrary File Upload Security Issue SECUNIA ADVISORY ID: SA42572 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42572/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42572 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42572/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42572/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42572 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered a security issue in the JE Messenger component for Joomla, which can be exploited by malicious users to compromise a vulnerable system. The security issue is caused due to the controllers/compose.php script improperly handling uploaded files containing disallowed extensions. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script via the "Compose Mail" page. Successful exploitation requires guessing the uploaded file name, which is based on the uploaded time stamp. The security issue is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Restrict access to the "Compose Mail" page to trusted users only. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: http://adv.salvatorefresta.net/JE_Messenger_1.0_Arbitrary_File_Upload_Vulnerability-09122010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 19:45:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 04:45:08 +0100 Subject: [SEC] [SA42535] Red Hat update for thunderbird Message-ID: <201012110345.oBB3j8NU015284@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA42535 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42535/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42535 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42535/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42535/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42535 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42519 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0968-1: https://rhn.redhat.com/errata/RHSA-2010-0968.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 20:09:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 05:09:57 +0100 Subject: [SEC] [SA42437] phpFreeChat "cmd" Cross-Site Scripting Vulnerability Message-ID: <201012110409.oBB49vAb004058@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: phpFreeChat "cmd" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42437 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42437/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42437 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42437/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42437/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42437 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in phpFreeChat, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "cmd" parameter to index.php (when "pfc_ajax" is set and "f" is set to "handleRequest") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Zsolt Imre OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 20:24:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 05:24:19 +0100 Subject: [SEC] [SA42561] CA ARCserve and XOsoft Products SOAP Request Processing Buffer Overflow Message-ID: <201012110424.oBB4OJLi024775@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CA ARCserve and XOsoft Products SOAP Request Processing Buffer Overflow SECUNIA ADVISORY ID: SA42561 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42561/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42561 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42561/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42561/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42561 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CA ARCserve and XOsoft products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error while processing the "create_session_bab" SOAP operation and can be exploited to cause a buffer overflow by sending a specially crafted POST request to the xosoapapi.asmx process. The vulnerability is reported in the following products and versions: CA XOsoft Replication r12.0 sp1 CA XOsoft High Availability r12.0 sp1 CA XOsoft Content Distribution r12.0 sp1 CA XOsoft Replication r12.5 sp2 rollup CA XOsoft High Availability r12.5 sp2 rollup CA XOsoft Content Distribution r12.5 sp2 rollup CA ARCserve Replication and High Availability r15.0 sp1 SOLUTION: Apply the patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri reported via ZDI. ORIGINAL ADVISORY: CA20101209-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={FEB41CE8-5023-46DF-B257-5299F492BF23} ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-263/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 20:44:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 05:44:46 +0100 Subject: [SEC] [SA42555] Ubuntu update for clamav Message-ID: <201012110444.oBB4ikxx013369@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for clamav SECUNIA ADVISORY ID: SA42555 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42555/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42555 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42555/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42555/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42555 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for clamav. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42426 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1031-1: http://www.ubuntu.com/usn/usn-1031-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 21:10:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 06:10:35 +0100 Subject: [SEC] [SA42558] Ubuntu update for krb5 Message-ID: <201012110510.oBB5AZVl002134@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA42558 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42558/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42558 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42558/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42558/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42558 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious users and malicious people to conduct spoofing attacks and bypass certain security features. For more information: SA37977 SA42396 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1030-1: http://www.ubuntu.com/usn/usn-1030-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 21:24:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 06:24:08 +0100 Subject: [SEC] [SA42570] Linux Kernel "install_special_mapping()" mmap_min_addr Security Bypass Weakness Message-ID: <201012110524.oBB5O8fN022864@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel "install_special_mapping()" mmap_min_addr Security Bypass Weakness SECUNIA ADVISORY ID: SA42570 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42570/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42570 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42570/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42570/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42570 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Linux Kernel, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused due to the "install_special_mapping()" function in mm/mmap.c not properly restricting mappings below the limit set via the "mmap_min_addr" sysctl, which can be exploited to map memory into forbidden areas. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2010/12/09/12 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 21:45:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 06:45:07 +0100 Subject: [SEC] [SA42519] Mozilla Thunderbird Multiple Vulnerabilities Message-ID: <201012110545.oBB5j7Ko011478@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42519 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42519/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42519 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42519/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42519/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42519 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system. For more information: SA42517 The vulnerabilities are reported in versions prior to 3.1.7 and 3.0.11. SOLUTION: Update to version 3.1.7 or 3.0.11. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2010/mfsa2010-74.html http://www.mozilla.org/security/announce/2010/mfsa2010-75.html http://www.mozilla.org/security/announce/2010/mfsa2010-78.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 10 22:10:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 07:10:12 +0100 Subject: [SEC] [SA42560] HP-UX update for JRE / JDK Message-ID: <201012110610.oBB6ACbi032655@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP-UX update for JRE / JDK SECUNIA ADVISORY ID: SA42560 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42560/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42560 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42560/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42560/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42560 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP-UX has issued an update for JRE / JDK. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBUX02608 SSRT100333 http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02616748 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 11 10:30:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 19:30:19 +0100 Subject: [SEC] [SA42588] Red Hat update for thunderbird Message-ID: <201012111830.oBBIUJAX021256@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA42588 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42588/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42588 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42588/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42588/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42588 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42519 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0969-2: https://rhn.redhat.com/errata/RHSA-2010-0969.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 11 11:30:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 20:30:00 +0100 Subject: [SEC] [SA42564] Interstage HTTP Server Two Vulnerabilities Message-ID: <201012111930.oBBJU0R5011595@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Interstage HTTP Server Two Vulnerabilities SECUNIA ADVISORY ID: SA42564 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42564/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42564 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42564/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42564/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42564 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fujitsu has acknowledged two vulnerabilities in Interstage HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions. For more information: SA36549 SA36675 SOLUTION: Apply patches (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201007e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 11 12:30:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 21:30:11 +0100 Subject: [SEC] [SA42575] net2ftp "net2ftp_globals[application_skinsdir]" File Inclusion Message-ID: <201012112030.oBBKUBuZ001918@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: net2ftp "net2ftp_globals[application_skinsdir]" File Inclusion SECUNIA ADVISORY ID: SA42575 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42575/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42575 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42575/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42575/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42575 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in net2ftp, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "net2ftp_globals[application_skinsdir]" parameter in skins/mobile/admin1.template.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 0.98. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Marcin Ressel OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 11 13:30:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 11 Dec 2010 22:30:00 +0100 Subject: [SEC] [SA42464] Joomla! Billy Portfolio Component "catid" SQL Injection Vulnerability Message-ID: <201012112130.oBBLU09Z024724@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Billy Portfolio Component "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42464 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42464/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42464 RELEASE DATE: 2010-12-11 DISCUSS ADVISORY: http://secunia.com/advisories/42464/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42464/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42464 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Billy Portfolio component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "catid" parameter to index.php (when "option" is set to "com_billyportfolio" and "view" is set to "billyportfolio") is not properly sanitised in models/billyportfolio.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: jdc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 12 10:29:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 12 Dec 2010 19:29:55 +0100 Subject: [SEC] [SA42512] Mac RealPlayer Multiple Vulnerabilities Message-ID: <201012121829.oBCITtFG003187@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mac RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42512 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42512/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42512 RELEASE DATE: 2010-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/42512/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42512/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42512 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. For more information: SA38550 SOLUTION: Update to version 12.0.0.1548. ORIGINAL ADVISORY: http://service.real.com/realplayer/security/12102010_player/en/ http://realnetworksblog.com/?p=2216 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 12 11:30:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 12 Dec 2010 20:30:03 +0100 Subject: [SEC] [SA42565] Linux RealPlayer Multiple Vulnerabilities Message-ID: <201012121930.oBCJU3Lm025974@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42565 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42565/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42565 RELEASE DATE: 2010-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/42565/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42565/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42565 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Linux RealPlayer, which can be exploited by malicious people to compromise a user's system. For more information: SA38550 SOLUTION: Update to version 11.0.2.2315. ORIGINAL ADVISORY: http://service.real.com/realplayer/security/12102010_player/en/ http://realnetworksblog.com/?p=2216 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 12 12:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 12 Dec 2010 21:30:05 +0100 Subject: [SEC] [SA42587] Debian update for exim4 Message-ID: <201012122030.oBCKU5GD016356@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for exim4 SECUNIA ADVISORY ID: SA42587 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42587/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42587 RELEASE DATE: 2010-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/42587/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42587/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42587 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for exim4. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA40019: SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www.debian.org/security/2010/dsa-2131 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 12 13:30:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 12 Dec 2010 22:30:20 +0100 Subject: [SEC] [SA42586] Red Hat update for exim Message-ID: <201012122130.oBCLUKUw006737@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for exim SECUNIA ADVISORY ID: SA42586 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42586/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42586 RELEASE DATE: 2010-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/42586/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42586/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42586 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for exim. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA40019 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0970.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 12 14:24:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 12 Dec 2010 23:24:18 +0100 Subject: [SEC] [SA42589] Ubuntu update for exim4 Message-ID: <201012122224.oBCMOIgs029236@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for exim4 SECUNIA ADVISORY ID: SA42589 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42589/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42589 RELEASE DATE: 2010-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/42589/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42589/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42589 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for exim4. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA40019 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-1032-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 12 14:45:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 12 Dec 2010 23:45:11 +0100 Subject: [SEC] [SA42333] RealPlayer Enterprise Multiple Vulnerabilities Message-ID: <201012122245.oBCMjBxI017843@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: RealPlayer Enterprise Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42333 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42333/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42333 RELEASE DATE: 2010-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/42333/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42333/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42333 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer Enterprise, which can be exploited by malicious people to compromise a user's system. For more information: SA38550 SOLUTION: Update to version 2.1.4. ORIGINAL ADVISORY: http://service.real.com/realplayer/security/12102010_player/en/ http://realnetworksblog.com/?p=2216 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 12 15:15:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 13 Dec 2010 00:15:24 +0100 Subject: [SEC] [SA38550] RealPlayer Multiple Vulnerabilities Message-ID: <201012122315.oBCNFOMj006886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38550 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/38550/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=38550 RELEASE DATE: 2010-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/38550/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/38550/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=38550 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. 1) An error exists when parsing RealAudio content encoded using the "cook" codec. This can be exploited to trigger the use of uninitialised memory and potentially cause a memory corruption via e.g. a specially crafted RealMedia file. 2) An error in the handling of errors encountered while decoding "cook"-encoded audio content can be exploited to trigger the use of uninitialised memory and potentially free an arbitrary address. 3) An error in the parsing of AAC audio content can be exploited to corrupt memory via specially crafted spectral data. 4) An array indexing error when parsing Media Properties Header (MDPR) in a RealMedia file can be exploited to corrupt memory. 5) An input validation error when parsing a RealMedia file can be exploited to cause a buffer overflow via a specially crafted multi-rate audio stream. 6) An error in the processing of the "StreamTitle" tag in a SHOUTcast stream using the ICY protocol can be exploited to cause an allocation failure for heap memory, which can result in the usage of freed pointers. 7) An integer overflow error when parsing a MLLT atom in an .AAC file can be exploited to cause a buffer overflow. 8) An input validation error in the "pnen3260.dll" module in the parsing of TIT2 atoms within AAC files can be exploited to corrupt memory. 9) An integer overflow in the parsing of GIF87a files over the streaming protocol RTSP can be exploited to cause a buffer overflow via a large "Screen Width" size in the "Screen Descriptor" header. 10) An error in the parsing of audio codec information in a Real Audio media file can be exploited to to cause a heap-based buffer overflow via a large number of subbands. 11) An input validation error in drv2.dll when decompressing RV20 video streams can be exploited to corrupt heap memory. 12) An unspecified error related to "SIPR" parsing can be exploited to corrupt heap memory. 13) An unspecified error related to "SOUND" processing can be exploited to corrupt heap memory. 14) An unspecified error related to "AAC" processing can be exploited to corrupt heap memory. 15) An unspecified error related to "RealMedia" processing can be exploited to corrupt heap memory. 16) An unspecified error related to "RA5" processing can be exploited to corrupt heap memory. 17) An integer overflow in "drv1.dll" when parsing SIPR stream metadata can be exploited to cause a heap-based buffer overflow, e.g. via the RealPlayer ActiveX control. 18) An input validation error in the processing of RealMedia files can be exploited to corrupt heap memory. 19) An input validation error in the RealAudio codec when processing RealMedia files can be exploited to corrupt heap memory. 20) An error in the "HandleAction" method in the RealPlayer ActiveX control allows users to download and execute scripts in the "Local Zone". 21) Input sanitisation errors in the "Custsupport.html", "Main.html", and "Upsell.htm" components can be exploited to inject arbitrary code into the RealOneActiveXObject process and load unsafe controls. 22) A boundary error in the parsing of cook-specific data used for initialization can be exploited to cause a heap-based buffer overflow. 23) An error in the parsing of MLTI chunks when processing Internet Video Recording (.ivr) files can be exploited to cause a heap-based buffer overflow via an invalid size for an embedded MDPR chunk. 24) An error in the parsing of MLTI chunks when processing Internet Video Recording (.ivr) files can be exploited to corrupt heap memory via an invalid number streams within the chunk. 25) An input validation error when parsing the RMX file format can be exploited to cause a heap-based buffer overflow. 26) An error when decoding data for particular mime types within a RealMedia file can be exploited to cause a heap-based buffer overflow. 27) An error in the parsing of server headers can be exploited to cause a heap-based buffer overflow via an image tag pointing to a malicious server, which causes the player to fetch a remote file. 28) An error in the implementation of the Advanced Audio Coding compression when decoding a conditional component of a data block within an AAC frame can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Upgrade to RealPlayer 14.0.0 or later. PROVIDED AND/OR DISCOVERED BY: 1, 2) Alin Rad Pop, Secunia Research. 3) Carsten Eiram, Secunia Research. 4) Anonymous and Hossein Lotfi, reported via ZDI. 5 - 11, 20, 21) Anonymous, reported via ZDI. 12 - 14) The vendor credits Nicolas Joly, Vupen 15) The vendor credits Chaouki Bekrar, Vupen 17) Aaron Portnoy, Zef Cekaj, and Logan Brown of TippingPoint DVLabs 18, 19) Omair, reported via iDefense. 22, 28) Damian Put, reported via ZDI. 23, 24) Aaron Portnoy and Logan Brown of TippingPoint DVLabs and Team lollersk8erz. 25) Sebastian Apelt, reported via ZDI. 26) Sebastian Apelt and Andreas Schmidt, reported via ZDI. 27) AbdulAziz Hariri, reported via ZDI. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-9/ http://secunia.com/secunia_research/2010-14/ http://secunia.com/secunia_research/2010-15/ RealNetworks: http://service.real.com/realplayer/security/12102010_player/en/ http://realnetworksblog.com/?p=2216 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-268/ http://www.zerodayinitiative.com/advisories/ZDI-10-266/ http://www.zerodayinitiative.com/advisories/ZDI-10-270/ http://www.zerodayinitiative.com/advisories/ZDI-10-273/ http://www.zerodayinitiative.com/advisories/ZDI-10-269/ http://www.zerodayinitiative.com/advisories/ZDI-10-271/ http://www.zerodayinitiative.com/advisories/ZDI-10-272/ http://www.zerodayinitiative.com/advisories/ZDI-10-274/ http://www.zerodayinitiative.com/advisories/ZDI-10-275/ http://www.zerodayinitiative.com/advisories/ZDI-10-276/ http://www.zerodayinitiative.com/advisories/ZDI-10-277/ http://www.zerodayinitiative.com/advisories/ZDI-10-278/ http://www.zerodayinitiative.com/advisories/ZDI-10-279/ http://www.zerodayinitiative.com/advisories/ZDI-10-281/ http://www.zerodayinitiative.com/advisories/ZDI-10-280/ http://www.zerodayinitiative.com/advisories/ZDI-10-282/ http://www.zerodayinitiative.com/advisories/ZDI-10-267/ TippingPoint DVLabs: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0216.html http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0212.html http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0213.html iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=883 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=884 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 10:30:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 13 Dec 2010 19:30:39 +0100 Subject: [SEC] [SA42616] Joomla JE Auto Component SQL Injection Vulnerability Message-ID: <201012131830.oBDIUdCo014854@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla JE Auto Component SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42616 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42616/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42616 RELEASE DATE: 2010-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/42616/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42616/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42616 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the JE Auto component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Certain input is not properly sanitised before being used in SQL queries when viewing an item. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 1.1. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: JE Auto: http://www.joomlaextensions.co.in/extensions/components/je-auto.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 11:32:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 13 Dec 2010 20:32:21 +0100 Subject: [SEC] [SA42618] ISC DHCP Failover Peer Denial of Service Vulnerability Message-ID: <201012131932.oBDJWLSs005288@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ISC DHCP Failover Peer Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42618 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42618/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42618 RELEASE DATE: 2010-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/42618/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42618/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42618 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the failover peer feature when handling certain TCP traffic, which can be exploited to e.g. stop ISC DHCP from responding to DHCP requests by sending specially crafted packets to the failover peer port. The vulnerability is reported in 4.2 versions prior to 4.2.0-P2. SOLUTION: Update to version 4.2.0-P2. PROVIDED AND/OR DISCOVERED BY: Brad Bendily ORIGINAL ADVISORY: ISC: https://www.isc.org/software/dhcp/advisories/cve-2010-3616 Brad Bendily: https://lists.isc.org/pipermail/dhcp-users/2010-December/012368.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 12:31:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 13 Dec 2010 21:31:02 +0100 Subject: [SEC] [SA42629] Avaya CMS Solaris Filesystem and Virtual Memory Subsystem Denial of Service Message-ID: <201012132031.oBDKV22Z028030@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Avaya CMS Solaris Filesystem and Virtual Memory Subsystem Denial of Service SECUNIA ADVISORY ID: SA42629 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42629/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42629 RELEASE DATE: 2010-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/42629/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42629/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42629 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged a vulnerability in Avaya Call Management System (CMS), which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA36319 SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: ASA-2009-375: https://support.avaya.com/css/P8/documents/100064773 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 13:31:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 13 Dec 2010 22:31:31 +0100 Subject: [SEC] [SA42599] Avaya Application Enablement Services OAM Security Bypass Vulnerability Message-ID: <201012132131.oBDLVVOW018422@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Avaya Application Enablement Services OAM Security Bypass Vulnerability SECUNIA ADVISORY ID: SA42599 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42599/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42599 RELEASE DATE: 2010-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/42599/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42599/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42599 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Avaya Application Enablement Services, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an error in the OAM web interface and can be exploited to perform certain actions with escalated privileges. The vulnerability is reported in version 4.x. SOLUTION: Upgrade to version 5.2 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ben Heinkel, Context Information Security Ltd. ORIGINAL ADVISORY: ASA-2010-339: https://support.avaya.com/css/P8/documents/100121813 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 14:24:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 13 Dec 2010 23:24:17 +0100 Subject: [SEC] [SA42627] Xerox WorkCentre Scan to Email Information Disclosure Security Issue Message-ID: <201012132224.oBDMOHdA008479@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Xerox WorkCentre Scan to Email Information Disclosure Security Issue SECUNIA ADVISORY ID: SA42627 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42627/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42627 RELEASE DATE: 2010-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/42627/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42627/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42627 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Xerox WorkCentre, which can be exploited by malicious people to disclose potentially sensitive information. The security issue is caused due to an error within the "Scan to Email" functionality, which results in two different documents being merged into one. This can be exploited to view a document scanned by another person. The security issue is reported in Xerox WorkCentre 5735, 5740, 5745, 5755, 5765, 5775, and 5790. SOLUTION: Apply patch P44 (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.xerox.com/downloads/usa/en/c/cert_XRX10-005_v1.0.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 14:44:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 13 Dec 2010 23:44:49 +0100 Subject: [SEC] [SA42602] Cobbler "cobblerd" Umask Insecure File Creation Weakness Message-ID: <201012132244.oBDMinUk029480@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Cobbler "cobblerd" Umask Insecure File Creation Weakness SECUNIA ADVISORY ID: SA42602 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42602/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42602 RELEASE DATE: 2010-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/42602/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42602/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42602 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Cobbler, which can be exploited by malicious, local users to manipulate certain data. The weakness is caused due to cobblerd using an insecure umask, which can lead to cobblerd creating world writable files in e.g. /tftpboot/pxelinux.cfg/ when running the sync command. The weakness is reported in version 2.3.0.1 and prior. SOLUTION: Update to version 2.0.4 or later. PROVIDED AND/OR DISCOVERED BY: Martin Osvald ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=554567 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 15:17:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 00:17:58 +0100 Subject: [SEC] [SA42308] Snitz Forums 2000 "M_NAME" Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201012132317.oBDNHws3018754@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Snitz Forums 2000 "M_NAME" Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42308 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42308/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42308 RELEASE DATE: 2010-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/42308/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42308/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42308 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefano Angaran has discovered some vulnerabilities in Snitz Forums 2000, which can be exploited by malicious users to conduct SQL injection attacks and by people to conduct cross-site scripting attacks. 1) Input passed to the "M_NAME" parameter in members.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "M_NAME" parameter in members.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 3.4.07. Other versions may also be affected. SOLUTION: The vendor has released an updated version 3.4.07, which fixes the vulnerabilities. PROVIDED AND/OR DISCOVERED BY: Stefano Angaran, via Secunia. Additional information provided by Secunia Research. ORIGINAL ADVISORY: Snitz Forums 2000: http://forum.snitz.com/forum/topic.asp?TOPIC_ID=69770 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 15:47:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 00:47:15 +0100 Subject: [SEC] [SA42624] IBM Rational ClearQuest Multiple Vulnerabilities Message-ID: <201012132347.oBDNlFS5007746@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Rational ClearQuest Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42624 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42624/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42624 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42624/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42624/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42624 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM Rational ClearQuest, some of which have an unknown impact and others can be exploited by malicious people to disclose sensitive information. 1) An error exists in the ClearQuest web client related to Dojo Toolkit. This can be exploited to disclose the cookies. This vulnerability is reported in versions prior to 7.0.1.11, 7.1.1.4, and 7.1.2.1. 2) Some vulnerabilities in ".ocx" files are caused due to unspecified errors. No further information is currently available. These vulnerabilities are reported in versions prior to 7.1.1.4 and 7.1.2.1. SOLUTION: Apply APARS PM15146 and PM01811 or update to versions 7.0.1.11, 7.1.1.4, or 7.1.2.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM15146, PM01811) ftp://public.dhe.ibm.com/software/rational/clearquest/7.1.1/7.1.1.4-RATL-RCQ/7.1.1.4-RATL-RCQ.ux.readme http://www-01.ibm.com/support/docview.wss?uid=swg1PM15146 http://www-01.ibm.com/support/docview.wss?uid=swg1PM01811 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 16:12:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 01:12:39 +0100 Subject: [SEC] [SA42576] SUSE update for exim Message-ID: <201012140012.oBE0Cdsv028978@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for exim SECUNIA ADVISORY ID: SA42576 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42576/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42576 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42576/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42576/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42576 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for exim. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA40019 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:059: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 16:47:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 01:47:11 +0100 Subject: [SEC] [SA42574] Debian update for bind9 Message-ID: <201012140047.oBE0lBRC018201@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for bind9 SECUNIA ADVISORY ID: SA42574 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42574/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42574 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42574/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42574/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42574 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for bind9. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA41654 SA42374 SA42435 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2130-1: http://lists.debian.org/debian-security-announce/2010/msg00182.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 17:14:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 02:14:38 +0100 Subject: [SEC] [SA42571] Fedora update for openssl Message-ID: <201012140114.oBE1Ec3W007117@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for openssl SECUNIA ADVISORY ID: SA42571 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42571/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42571 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42571/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42571/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42571 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 SOLUTION: Apply updated packages using the yum utility ("yum update openssl"). ORIGINAL ADVISORY: FEDORA-2010-18765: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052027.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 17:46:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 02:46:21 +0100 Subject: [SEC] [SA42596] BizDir "f_srch" Cross-Site Scripting Vulnerability Message-ID: <201012140146.oBE1kLk5028617@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BizDir "f_srch" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42596 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42596/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42596 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42596/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42596/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42596 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Aliaksandr Hartsuyeu has reported a vulnerability in BizDir, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "f_srch" parameter in bizdir.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 5.10. Other versions may also be affected. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu ORIGINAL ADVISORY: http://evuln.com/vulns/158/summary.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 18:09:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 03:09:54 +0100 Subject: [SEC] [SA42569] Fedora update for firefox and xulrunner Message-ID: <201012140209.oBE29sLq017356@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for firefox and xulrunner SECUNIA ADVISORY ID: SA42569 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42569/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42569 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42569/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42569/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42569 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for firefox and xulrunner. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA42517 SOLUTION: Apply updated packages using the yum utility ("yum update firefox xulrunner"). ORIGINAL ADVISORY: FEDORA-2010-18775: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052023.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052021.html FEDORA-2010-18773: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052029.html http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052035.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 18:24:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 03:24:19 +0100 Subject: [SEC] [SA42568] Fedora update for thunderbird Message-ID: <201012140224.oBE2OJdo005666@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for thunderbird SECUNIA ADVISORY ID: SA42568 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42568/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42568 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42568/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42568/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42568 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42519 SOLUTION: Apply updated packages using the yum utility ("yum update thunderbird"). ORIGINAL ADVISORY: FEDORA-2010-18777: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052110.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 18:45:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 03:45:16 +0100 Subject: [SEC] [SA42573] Debian update for xulrunner Message-ID: <201012140245.oBE2jGLm026691@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for xulrunner SECUNIA ADVISORY ID: SA42573 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42573/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42573 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42573/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42573/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42573 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for xulrunner. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA42517 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2132-1: http://lists.debian.org/debian-security-announce/2010/msg00183.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 19:15:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 04:15:29 +0100 Subject: [SEC] [SA42346] SilverStripe Multiple Vulnerabilities Message-ID: <201012140315.oBE3FTA6016221@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SilverStripe Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42346 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42346/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42346 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42346/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42346/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42346 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two weaknesses and some vulnerabilities have been discovered in SilverStripe, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and conduct SQL injection attacks 1) Input appended to the URL after e.g. Security/ is not properly sanitised in the "httpError()" function in sapphire/core/control/RequestHandler.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A weakness is caused due to the application storing the version information in the "silverstripe_version" file under the "sapphire" directory with insecure permissions. This can be exploited to view version information. 3) Input passed via the "locale" parameter to e.g. index.php is not properly sanitised in the "augmentSQL()" function in sapphire/trunk/core/model/Translatable.php when using the "Translatable" extension. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: Other weaknesses related to the "changepassword" functionality due to insecure HTTP referrer logs, and a disclosure of SQL statements have also been reported. The weaknesses and the vulnerabilities are confirmed in version 2.4.3 and reported in version 2.3.9. Other versions may also be affected. SOLUTION: The weakness and the vulnerabilities are fixed in versions 2.4.4-rc1 and 2.3.10-rc1. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Tim Suter 2) Robert Mac Neil 3) Pavol Ondras ORIGINAL ADVISORY: http://silverstripe.org/releases-and-announcements/show/15131 http://silverstripe.org/releases-and-announcements/show/15132 http://open.silverstripe.org/changeset/114782 http://open.silverstripe.org/changeset/114444 http://open.silverstripe.org/changeset/114773 http://open.silverstripe.org/changeset/114515 http://open.silverstripe.org/changeset/114758 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 19:44:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 04:44:09 +0100 Subject: [SEC] [SA42492] Adobe Photoshop Unspecified Vulnerabilities Message-ID: <201012140344.oBE3i9VP005172@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Photoshop Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA42492 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42492/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42492 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42492/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42492/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42492 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities with an unknown impact have been reported in Adobe Photoshop. The vulnerabilities are caused due to unspecified errors. No further information is currently available. The vulnerabilities are reported in versions prior to CS5 12.0.2. SOLUTION: Update to version CS5 12.0.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4893 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 20:09:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 05:09:01 +0100 Subject: [SEC] [SA42580] D-Bus Message Validation Nested Variants Denial of Service Message-ID: <201012140409.oBE491Nc026373@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: D-Bus Message Validation Nested Variants Denial of Service SECUNIA ADVISORY ID: SA42580 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42580/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42580 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42580/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42580/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42580 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: R?mi Denis-Courmont has reported a vulnerability in D-Bus, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing messages containing nested variants, which can be exploited to cause a stack overflow and e.g. crash the D-Bus daemon by sending a D-Bus message containing a large number of nested variants. The vulnerability is reported in version 1.4.0. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: R?mi Denis-Courmont ORIGINAL ADVISORY: R?mi Denis-Courmont: http://www.remlab.net/op/dbus-variant-recursion.shtml http://lists.freedesktop.org/archives/dbus/2010-December/013822.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 20:23:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 05:23:04 +0100 Subject: [SEC] [SA42626] Lotus Mobile Connect Cross-Site Scripting Vulnerability Message-ID: <201012140423.oBE4N4bL014685@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Lotus Mobile Connect Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42626 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42626/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42626 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42626/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42626/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42626 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Lotus Mobile Connect, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to HTTP-AS in the Connection Manager is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.1.4. SOLUTION: Update to version 6.1.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IZ77536): http://www-01.ibm.com/support/docview.wss?uid=swg27020327 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 20:44:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 05:44:09 +0100 Subject: [SEC] [SA42486] Orion Network Performance Monitor Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012140444.oBE4i99n003291@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Orion Network Performance Monitor Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42486 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42486/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42486 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42486/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42486/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42486 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "Title" parameter in MapView.aspx (when "Map" is set to any value), "NetObject" parameter in NodeDetails.aspx and InterfaceDetails.aspx, and "ChartName" parameter in CustomChart.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 10.1. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: John Blakley (x0skel). ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-12/0038.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 13 21:09:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 14 Dec 2010 06:09:59 +0100 Subject: [SEC] [SA42486] Orion Network Performance Monitor Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012140509.oBE59xFu024535@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Orion Network Performance Monitor Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42486 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42486/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42486 RELEASE DATE: 2010-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/42486/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42486/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42486 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "Title" parameter in MapView.aspx (when "Map" is set to any value), "NetObject" parameter in NodeDetails.aspx and InterfaceDetails.aspx, and "ChartName" parameter in CustomChart.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 10.1. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: John Blakley (x0skel). ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-12/0038.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 12:30:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 20 Dec 2010 21:30:18 +0100 Subject: [SEC] [SA42630] Microsoft Office Publisher Multiple Vulnerabilities Message-ID: <201012202030.oBKKUI3g017897@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Office Publisher Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42630 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42630/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42630 RELEASE DATE: 2010-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/42630/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42630/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42630 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Publisher, which can be exploited by malicious people to compromise a user's system. 1) An error in the Publisher Converter (pubconv.dll) when parsing files can be exploited to corrupt memory. 2) An error in the Publisher Converter (pubconv.dll) when parsing files can be exploited to cause a heap-based buffer overflow. 3) An array indexing error in the Publisher Converter (pubconv.dll) when processing Publisher 97 files can be exploited to corrupt memory. 4) An error when processing Publisher files can be exploited to corrupt memory via a specially crafted file. 5) An array indexing error in the Publisher Converter (pubconv.dll) when processing files can be exploited to corrupt memory. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Chaouki Bekrar, Vupen. ORIGINAL ADVISORY: MS10-103 (KB2284692, KB2284695, KB2284697, KB2409055): http://www.microsoft.com/technet/security/bulletin/ms10-103.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 13:30:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 20 Dec 2010 22:30:00 +0100 Subject: [SEC] [SA42623] Red Hat update for bind Message-ID: <201012202130.oBKLU0CC008343@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA42623 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42623/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42623 RELEASE DATE: 2010-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/42623/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42623/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42623 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for bind. This fixes a weakness and two vulnerabilities, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA41654 SA42374 SA42435 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0976-1: https://rhn.redhat.com/errata/RHSA-2010-0976.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 14:23:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 20 Dec 2010 23:23:46 +0100 Subject: [SEC] [SA42621] Red Hat update for openssl Message-ID: <201012202223.oBKMNkbq030922@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for openssl SECUNIA ADVISORY ID: SA42621 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42621/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42621 RELEASE DATE: 2010-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/42621/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42621/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42621 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0978-1: https://rhn.redhat.com/errata/RHSA-2010-0978.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 14:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 20 Dec 2010 23:44:50 +0100 Subject: [SEC] [SA42578] Fedora update for openttd Message-ID: <201012202244.oBKMiotD019621@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for openttd SECUNIA ADVISORY ID: SA42578 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42578/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42578 RELEASE DATE: 2010-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/42578/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42578/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42578 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openttd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42205 SOLUTION: Apply updated packages using the yum utility ("yum update openttd"). ORIGINAL ADVISORY: FEDORA-2010-18571: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052187.html FEDORA-2010-18572: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052193.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 15:16:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 00:16:30 +0100 Subject: [SEC] [SA42619] echoping Two Buffer Overflow Vulnerabilities Message-ID: <201012202316.oBKNGUZF008898@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: echoping Two Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42619 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42619/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42619 RELEASE DATE: 2010-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/42619/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42619/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42619 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in echoping, which can be exploited by malicious people to potentially compromise a user's system. 1) A boundary error exists within the "TLS_readline()" function in readline.c, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to echoping. Successful exploitation requires that echoping is compiled with GNU TLS support. 2) A boundary error exists within the "SSL_readline()" function in readline.c, which can be exploited to overflow a global buffer by sending an overly long encrypted HTTP reply to echoping. Successful exploitation requires that echoping is compiled with SSL support. The vulnerabilities are confirmed in version 6.0.2. Other versions may also be affected. SOLUTION: Do not use echoping to ping untrusted servers. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug by Dmitry Semyonov. Additional information provided by Secunia Research. ORIGINAL ADVISORY: Debian Bug #606808: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606808 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 15:47:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 00:47:32 +0100 Subject: [SEC] [SA42592] LiteSpeed Web Server HTTP Header Processing Buffer Overflow Vulnerability Message-ID: <201012202347.oBKNlWXO030423@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LiteSpeed Web Server HTTP Header Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42592 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42592/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42592 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42592/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42592/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42592 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Kingcope has discovered a vulnerability in LiteSpeed Web Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the LSAPI PHP extension (lsphp) when processing HTTP headers and can be exploited to cause a stack-based buffer overflow via an overly-long header (greater than 255 bytes) sent in a web request to a PHP script. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 4.0.18 Standard. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Kingcope ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0188.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 16:12:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 01:12:59 +0100 Subject: [SEC] [SA42585] SUSE update for kernel Message-ID: <201012210012.oBL0CxAi019339@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA42585 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42585/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42585 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42585/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42585/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42585 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious local users to gain escalated privileges, disclose certain system information, bypass certain security restrictions, or cause a DoS (Denial of Service) and by malicious people to cause a DoS (Denial of Service). For more information: SA28696 SA38499 SA40205 SA40965 SA41245 SA41284 SA41440 SA41493 SA41650 SA42035 SA42094 SA42176 SA42187 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:060: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 16:48:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 01:48:02 +0100 Subject: [SEC] [SA42604] Microsoft Windows OpenType Font Driver Three Vulnerabilities Message-ID: <201012210048.oBL0m2C2008670@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows OpenType Font Driver Three Vulnerabilities SECUNIA ADVISORY ID: SA42604 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42604/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42604 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42604/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42604/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42604 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Three vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. 1) An array indexation error within the OpenType Font (OTF) driver while parsing OpenType fonts can be exploited to corrupt memory. 2) A double-free error due to the OpenType Font (OTF) driver not properly resetting a pointer when freeing memory can be exploited to corrupt memory via a specially crafted OpenType font. 3) An unspecified error in the OpenType Font (OTF) driver when parsing the CMAP table of an OpenType font can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code in kernel mode. SOLUTION: Apply the patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 2) Marc Schoenefeld, Red Hat Security Response Team 3) Paul-Kenji Cahier Furuya ORIGINAL ADVISORY: MS10-091 (KB2296199): http://www.microsoft.com/technet/security/bulletin/MS10-091.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 17:16:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 02:16:13 +0100 Subject: [SEC] [SA42434] Red Hat update for openssl Message-ID: <201012210116.oBL1GDqd030068@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for openssl SECUNIA ADVISORY ID: SA42434 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42434/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42434 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42434/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42434/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42434 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openssl. This fixes two vulnerabilities, where one has an unknown impact, while the other can be exploited by malicious people to bypass certain security restrictions. For more information: SA37291 SA42473 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0977-1: https://rhn.redhat.com/errata/RHSA-2010-0977.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 17:45:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 02:45:10 +0100 Subject: [SEC] [SA42577] Fedora update for fontforge Message-ID: <201012210145.oBL1jAxG019125@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for fontforge SECUNIA ADVISORY ID: SA42577 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42577/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42577 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42577/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42577/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42577 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for fontforge. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of "CHARSET_REGISTRY" header in font files, which can be exploited to cause a stack-based buffer overflow when a user opens a specially crafted Bitmap Distribution Format (BDF) font file in the font editor. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply updated packages using the yum utility ("yum update fontforge"). PROVIDED AND/OR DISCOVERED BY: Ulrik Persson ORIGINAL ADVISORY: FEDORA-2010-18573: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052201.html FEDORA-2010-18577: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052219.html Ulrik Persson: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605537 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 18:10:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 03:10:10 +0100 Subject: [SEC] [SA42510] Internet Explorer CSS Import Rule Processing Use-After-Free Vulnerability Message-ID: <201012210210.oBL2AAch008003@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Internet Explorer CSS Import Rule Processing Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA42510 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42510/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42510 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42510/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42510/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42510 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error when processing Cascading Style Sheets (CSS) and can be exploited to dereference freed memory via e.g. a specially crafted CSS file containing multiple import rules. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system. SOLUTION: Do not browse untrusted websites. PROVIDED AND/OR DISCOVERED BY: sec yun ORIGINAL ADVISORY: http://www.wooyun.org/bugs/wooyun-2010-0885 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 18:24:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 03:24:47 +0100 Subject: [SEC] [SA42605] Google Chrome Multiple Vulnerabilities Message-ID: <201012210224.oBL2Oljg028810@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42605 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42605/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42605 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42605/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42605/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42605 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. 1) A validation error when performing message deserialisation can be exploited to cause a crash or potentially corrupt memory. This vulnerability affects 64-bit builds for Linux only. 2) An unspecified error when parsing Cascading Style Sheets (CSS) can be exploited to trigger an out-of-bounds read. 3) An unspecified error within cursor handling can be exploited to reference stale pointers. SOLUTION: Update to version 8.0.552.224. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Lei Zhang, Chromium development community 2) Chris Rohlf 3) Slawomir Blazek and Sergey Glazunov ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/12/stable-beta-channel-updates_13.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 18:45:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 03:45:28 +0100 Subject: [SEC] [SA42441] Red Hat update for bind Message-ID: <201012210245.oBL2jSqY017482@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA42441 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42441/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42441 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42441/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42441/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42441 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for bind. This fixes a weakness and a vulnerability, which can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA42374 SA42435 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0975-1: https://rhn.redhat.com/errata/RHSA-2010-0975.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 19:11:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 04:11:55 +0100 Subject: [SEC] [SA42607] Microsoft Windows Movie Maker Insecure Library Loading Vulnerability Message-ID: <201012210311.oBL3BtvM006914@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Movie Maker Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42607 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42607/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42607 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42607/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42607/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42607 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows Movie Maker, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Windows Movie Maker (.mswmm) file located on a remote WebDAV or SMB share. SOLUTION: Apply the patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-093 (KB2424434): http://www.microsoft.com/technet/security/bulletin/MS10-093.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 19:45:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 04:45:29 +0100 Subject: [SEC] [SA42615] Microsoft Windows Netlogon RPC Service Denial of Service Vulnerability Message-ID: <201012210345.oBL3jTNk028555@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Netlogon RPC Service Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42615 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42615/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42615 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42615/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42615/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42615 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is cause due to a NULL-pointer dereference error in the Netlogon RPC Service of a domain controller and can be exploited to cause a server to restart via a specially crafted RPC packet. Successful exploitation requires an attacker to have administrator privileges on a machine that is joined to the affected domain. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Matthias Dieter Wallnofer and Andrew Bartlett, The Samba Team. ORIGINAL ADVISORY: MS10-101 (KB2207559): http://www.microsoft.com/technet/security/bulletin/ms10-101.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 20:10:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 05:10:17 +0100 Subject: [SEC] [SA42620] Red Hat update for openssl Message-ID: <201012210410.oBL4AHiF017429@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for openssl SECUNIA ADVISORY ID: SA42620 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42620/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42620 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42620/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42620/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42620 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42473 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0979-1: https://rhn.redhat.com/errata/RHSA-2010-0979.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 20:24:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 05:24:55 +0100 Subject: [SEC] [SA42598] Novell ZENworks Desktop Management Multiple Vulnerabilities Message-ID: <201012210424.oBL4OtFZ005830@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Novell ZENworks Desktop Management Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42598 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42598/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42598 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42598/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42598/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42598 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Novell ZENworks Desktop Management, which can be exploited by malicious people to compromise a vulnerable system. 1) An error exists in the Remote Management Agent within ZenRem32.exe when processing certain version fields. This can be exploited to corrupt heap memory by sending a specially crafted packet to TCP or UDP port 1761. 2) Another error exists in the Remote Management Agent within ZenRem32.exe when processing the "Console DN" field of incoming requests. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet to TCP or UDP port 1761. 3) A boundary error exists within the tftpd server when processing the filename in a Read Request (0x01) packet. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted packet to UDP port 69. Successful exploitation of these vulnerabilities allows execution of arbitrary code. SOLUTION: Apply Interim Release 4 Hot Patch 5. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1, 2) sb, via ZDI. 3) Francis Provencher, Protek Research Lab's. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7007320 http://www.novell.com/support/viewContent.do?externalId=7007339 http://www.novell.com/support/viewContent.do?externalId=7007321 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-283/ http://www.zerodayinitiative.com/advisories/ZDI-10-284/ http://www.zerodayinitiative.com/advisories/ZDI-10-285/ Protek Research Lab's: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=20&Itemid=20 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 20:45:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 05:45:19 +0100 Subject: [SEC] [SA42491] Debian update for collectd Message-ID: <201012210445.oBL4jJbM026886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for collectd SECUNIA ADVISORY ID: SA42491 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42491/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42491 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42491/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42491/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42491 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for collectd. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA42393 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2133-1: http://www.debian.org/security/2010/dsa-2133 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 21:10:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 06:10:51 +0100 Subject: [SEC] [SA42613] Microsoft Windows Routing and Remote Access NDProxy Buffer Overflow Message-ID: <201012210510.oBL5ApSY015788@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Routing and Remote Access NDProxy Buffer Overflow SECUNIA ADVISORY ID: SA42613 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42613/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42613 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42613/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42613/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42613 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an input validation error in the NDProxy driver and can be exploited to cause a buffer overflow in the kernel via execution of a specially crafted application. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Honggang Ren, Fortinet's FortiGuard Labs. ORIGINAL ADVISORY: MS10-099 (KB2440591): http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 21:45:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 06:45:20 +0100 Subject: [SEC] [SA42593] Symantec Antivirus Alert Management System Denial of Service Vulnerability Message-ID: <201012210545.oBL5jKiD005061@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Antivirus Alert Management System Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42593 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42593/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42593 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42593/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42593/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42593 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a validation error in the Intel Alert Handler service (hndlrsvc.exe) when processing a AMS request and can be exploited to crash the service via a specially crafted "CommandLine" field in a request. The vulnerability is reported in Symantec Antivirus Corporate Edition 10.1.4.4010. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Nahuel Riva, Core Security Technologies. ORIGINAL ADVISORY: Core Security Technologies (CORE-2010-0728): http://www.coresecurity.com/content/symantec-intel-handler-service-remote-dos OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 20 22:10:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 07:10:03 +0100 Subject: [SEC] [SA42305] SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability Message-ID: <201012210610.oBL6A3bx026350@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42305 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42305/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42305 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42305/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42305/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42305 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in SAP Crystal Reports, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CrystalReports12.CrystalPrintControl.1" ActiveX control (PrintControl.dll) when processing the "ServerResourceVersion" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in Crystal Reports 2008 SP3 Fix Pack 3.2 (PrintControl.dll 12.3.2.753). Other versions may also be affected. SOLUTION: Apply a workaround (please see SAP's security note 1539269). PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. Independently discovered and disclosed by Dr_IDE. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-135/ Dr_IDE: http://pocoftheday.blogspot.com/2010/12/crystal-reports-viewer-1200549-activex.html SAP: https://service.sap.com/sap/support/notes/1539269 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 10:30:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 19:30:27 +0100 Subject: [SEC] [SA42635] FreeNAS "lang" File Inclusion Vulnerability Message-ID: <201012211830.oBLIURbV015033@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: FreeNAS "lang" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42635 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42635/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42635 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42635/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42635/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42635 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: dave b has discovered a vulnerability in FreeNAS, which can be exploited by malicious people to disclose potentially sensitive information or conduct cross-site scripting attacks. Input passed to the "lang" parameter in quixplorer/index.php is not properly verified before being used to include files in quixplorer/.include/init.php. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. NOTE: This can further be exploited to conduct cross-site scripting attacks via PHP error messages. The vulnerability is confirmed in version 0.7.2.5543. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: dave b Additional information provided by Secunia Research. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0516.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 11:30:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 20:30:27 +0100 Subject: [SEC] [SA42567] Hycus CMS Multiple SQL Injection Vulnerabilities Message-ID: <201012211930.oBLJURqr005469@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Hycus CMS Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42567 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42567/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42567 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42567/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42567/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42567 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in Hycus CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "user_name" and "usr_email" parameters to user/1/hregister.html, the "usr_email" parameter to user/1/hlogin.html, the "useremail" parameter to user/1/forgotpass.html, and the "q" parameter to search/1.html is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA: http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms.html http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_1.html http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_2.html http://www.htbridge.ch/advisory/sql_injection_in_hycus_cms_3.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 12:30:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 21:30:09 +0100 Subject: [SEC] [SA42503] PrestaShop Cross-Site Scripting Vulnerability Message-ID: <201012212030.oBLKU9cQ028331@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PrestaShop Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42503 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42503/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42503 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42503/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42503/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42503 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sow Ching Shiong has discovered a vulnerability in PrestaShop, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to index.php, contact-form.php, sitemap.php, order.php, search.php, category.php, manufacturer.php, product.php, new-products.php, best-sales.php, prices-drop.php, supplier.php, authentication.php, password.php, and 404.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.3.3. Other versions may also be affected. SOLUTION: Fixed in version 1.4.0.4. PROVIDED AND/OR DISCOVERED BY: Sow Ching Shiong via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 13:30:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 22:30:27 +0100 Subject: [SEC] [SA42719] ManageEngine OpManager "viewCount" Cross-Site Scripting Vulnerability Message-ID: <201012212130.oBLLURMD018800@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ManageEngine OpManager "viewCount" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42719 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42719/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42719 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42719/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42719/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42719 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ManageEngine OpManager, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "viewCount" parameter to reports/Availability.do (when "reportType" is set to "dashboard") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in context of an affected site. The vulnerability is confirmed in version 8 build 8721. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Mohammad Abou Hayt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 14:45:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 23:45:19 +0100 Subject: [SEC] [SA42695] ImpressCMS "quicksearch_ContentContent" Cross-Site Scripting Vulnerability Message-ID: <201012212245.oBLMjJaL030091@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ImpressCMS "quicksearch_ContentContent" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42695 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42695/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42695 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42695/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42695/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42695 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ImpressCMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "quicksearch_ContentContent" parameter in modules/content/admin/content.php is not properly sanitised before being returned to the administrator. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected site. The vulnerability is confirmed in version 1.2.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_impresscms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 14:24:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 21 Dec 2010 23:24:38 +0100 Subject: [SEC] [SA42636] Vacation Rental Script File Upload Vulnerability Message-ID: <201012212224.oBLMOcZo009005@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Vacation Rental Script File Upload Vulnerability SECUNIA ADVISORY ID: SA42636 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42636/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42636 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42636/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42636/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42636 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Vacation Rental Script, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an "image/gif" content type. The vulnerability is confirmed in version 4 demo edition. Other versions may also be affected. SOLUTION: Restrict access to the public/upload/logos/ directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Br0ly OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 15:18:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 00:18:31 +0100 Subject: [SEC] [SA42694] MHonArc HTML Mail Conversion Cross-Site Scripting Vulnerability Message-ID: <201012212318.oBLNIV2r019443@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MHonArc HTML Mail Conversion Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42694 RELEASE DATE: 2010-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/42694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MHonArc, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via specially crafted HTML tags is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session when the converted mail is viewed. The vulnerability is confirmed in version 2.6.16. Other versions may also be affected. SOLUTION: Do not convert HTML mail from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported by non-customers in a Debian bug report. ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 15:47:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 00:47:09 +0100 Subject: [SEC] [SA42707] Red Hat update for bind Message-ID: <201012212347.oBLNl9tl008488@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA42707 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42707/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42707 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42707/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42707/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42707 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42374 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:1000-1: http://rhn.redhat.com/errata/RHSA-2010-1000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 16:13:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 01:13:21 +0100 Subject: [SEC] [SA42664] Html-edit CMS Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201012220013.oBM0DLCT029833@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Html-edit CMS Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42664 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42664/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42664 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42664/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42664/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42664 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Html-edit CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "nuser" parameter in index.php (if "pageid" is set to "ext", "ext" is set to "login", and "extpage" is set to "registrate") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "error" parameter in index.php to extensions/login/frontend/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website. The vulnerabilities are confirmed in version 3.1.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: 1) http://www.htbridge.ch/advisory/sql_injection_in_html_edit_cms.html 2) http://www.htbridge.ch/advisory/xss_in_html_edit_cms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 16:46:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 01:46:47 +0100 Subject: [SEC] [SA42686] Sybase Afaria Cross-Site Request Forgery Vulnerability Message-ID: <201012220046.oBM0klWn019078@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Sybase Afaria Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42686 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42686/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42686 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42686/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42686/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42686 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sybase Afaria, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. setup malicious event handlers and potentially execute arbitrary code by tricking a logged-in administrator into visiting a malicious web site. The vulnerability is reported in Sybase Afaria prior to version 6.0 Service Pack 1 Hot Fix 28 and version 6.5 Hot Fix 55. SOLUTION: Apply hot fixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Knud Erik Hojgaard, nSense ORIGINAL ADVISORY: nSense Advisory NSENSE-2010-004: http://www.nsense.fi/advisories/nsense_2010_004.txt Afaria Release Notes: http://frontline.sybase.com/support/downloads/Afaria/6_0_SP1/60Sp1AfariaFx28/60Sp1AfariaFx28.htm http://frontline.sybase.com/support/downloads/Afaria/6_5/65AfariaFx55/65AfariaFx55Admin/65AfariaFx55.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 17:15:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 02:15:09 +0100 Subject: [SEC] [SA42690] Red Hat update for libvpx Message-ID: <201012220115.oBM1F9TL008111@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for libvpx SECUNIA ADVISORY ID: SA42690 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42690/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42690 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42690/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42690/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42690 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libvpx. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42118 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010-0999: https://rhn.redhat.com/errata/RHSA-2010-0999.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 17:45:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 02:45:26 +0100 Subject: [SEC] [SA42685] AhnLab V3 Internet Security "AhnRec2k.sys" Privilege Escalation Vulnerability Message-ID: <201012220145.oBM1jQRt029632@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AhnLab V3 Internet Security "AhnRec2k.sys" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42685 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42685/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42685 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42685/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42685/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42685 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in AhnLab V3 Internet Security, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the "AhnRec2k.sys" kernel driver when processing IOCTLs and can be exploited to gain escalated privileges by sending a specially crafted 0x8101261C IOCTL. Successful exploitation allows execution of arbitrary code in the kernel. The vulnerability is confirmed in AhnLab V3 Internet Security 8.0.2.6 (Build 630) and AhnRec2k.sys version 1.2.0.3 and is reported in AhnLab V3 Internet Security 8.0.3.28 (Build 746) and AhnRec2k.sys version 1.2.0.4. Other versions may also be affected. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: MJ0011 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15761/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 18:10:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 03:10:48 +0100 Subject: [SEC] [SA42696] HP StorageWorks Storage Mirroring Software Unspecified Code Execution Vulnerability Message-ID: <201012220210.oBM2Am55018534@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP StorageWorks Storage Mirroring Software Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA42696 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42696/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42696 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42696/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42696/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42696 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP StorageWorks Storage Mirroring Software, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. No more details are currently available. The vulnerability is reported in versions prior to 5.2.2.1771.2. SOLUTION: Update to version 5.2.2.1771.2 or later. Please contact HP Services support channel for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Abdul Aziz Hariri, ThirdEyeTesters. ORIGINAL ADVISORY: HPSBST02619 SSRT100281: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02660122 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 18:45:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 03:45:36 +0100 Subject: [SEC] [SA42689] Calibre Cross-Site Scripting and File Disclosure Vulnerabilities Message-ID: <201012220245.oBM2jaLV007861@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Calibre Cross-Site Scripting and File Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA42689 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42689/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42689 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42689/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42689/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42689 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Janek Vind has discovered two vulnerabilities in Calibre, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the URL is not properly verified before being used to display files in site-packages/calibre/library/server/content.py and can be exploited to disclose the contents of arbitrary files via directory traversal attacks and a trailing dot in the filename. 2) Input passed to the "query" parameter in browse/search is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of these vulnerabilities requires the "Content Server" to be enabled (disabled by default). The vulnerabilities are confirmed in version 0.7.34. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: Janek Vind ORIGINAL ADVISORY: http://www.waraxe.us/advisory-77.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 19:14:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 04:14:16 +0100 Subject: [SEC] [SA42688] Habari "additem_form" and "status_data[]" Cross-Site Scripting Vulnerabilities Message-ID: <201012220314.oBM3EGeA029799@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Habari "additem_form" and "status_data[]" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42688 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42688/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42688 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42688/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42688/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42688 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in Habari, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "additem_form" parameter in system/admin/dash_additem.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 2) Input passed to the "status_data[]" parameter in system/admin/dash_status.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Successful exploitation of the vulnerabilities requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 0.6.5. Prior versions may also be affected. SOLUTION: Update to version 0.6.6. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: Habari: http://wiki.habariproject.org/en/Release_0.6.6 High-Tech Bridge SA (HTB22731, HTB22733): http://www.htbridge.ch/advisory/xss_vulnerability_in_habari.html http://www.htbridge.ch/advisory/xss_vulnerability_in_habari_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 19:45:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 04:45:15 +0100 Subject: [SEC] [SA42507] Openfiler "device" Cross-Site Scripting Vulnerability Message-ID: <201012220345.oBM3jFKZ018930@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Openfiler "device" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42507 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42507/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42507 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42507/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42507/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42507 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Openfiler, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "device" parameter to admin/system.html (when "step" is set to e.g. "2") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in context of an affected site. The vulnerability is confirmed in version 2.3 for the 32-bit Intel platform, GUI Version: r1653-1-1. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: dave b ORIGINAL ADVISORY: dave b: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0523.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 20:10:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 05:10:12 +0100 Subject: [SEC] [SA35632] BlackBerry Enterprise Server PDF Distiller Buffer Overflow Vulnerability Message-ID: <201012220410.oBM4AC5q007815@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BlackBerry Enterprise Server PDF Distiller Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA35632 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/35632/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=35632 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/35632/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/35632/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=35632 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error within the PDF distiller of the BlackBerry Attachment Service component. This can be exploited to cause a buffer overflow when a specially crafted PDF file is opened for viewing on a BlackBerry smartphone. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in BlackBerry Enterprise Server versions 4.1.3 through 5.0.2. SOLUTION: Update to the latest version or apply the Interim Security Update. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24761 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 20:24:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 05:24:21 +0100 Subject: [SEC] [SA42633] Microsoft Exchange Server RPC Denial of Service Vulnerability Message-ID: <201012220424.oBM4OLD0028612@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Exchange Server RPC Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42633 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42633/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42633 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42633/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42633/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42633 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Exchange Server, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the Exchange Server store (store.exe) when processing RPC requests and can be exploited to cause an infinite loop within the service via a specially crafted request. Successful exploitation requires a server to be configured with the "Mailbox Server" role. The vulnerability is reported for Microsoft Exchange Server 2007 SP2 for x64-based systems only. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Oleksandr Mirosh, reported via ZDI. ORIGINAL ADVISORY: MS10-106 (KB2407132): http://www.microsoft.com/technet/security/bulletin/MS10-106.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-286/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 20:45:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 05:45:22 +0100 Subject: [SEC] [SA42614] Microsoft Windows Consent User Interface Privilege Escalation Vulnerability Message-ID: <201012220445.oBM4jMde017311@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Consent User Interface Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42614 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42614/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42614 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42614/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42614/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42614 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the User Account Control (UAC) Consent UI component when processing certain registry values and can be exploited to gain "LocalSystem" privileges. Successful exploitation requires the "Impersonate a client after authentication" (SeImpersonatePrivilege) user right. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Cesar Cerrudo, Argeniss. ORIGINAL ADVISORY: MS10-100 (KB2442962): http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 21:10:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 06:10:49 +0100 Subject: [SEC] [SA42617] Microsoft Windows Hyper-V VMBus Denial of Service Vulnerability Message-ID: <201012220510.oBM5AnLc006197@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Hyper-V VMBus Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42617 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42617/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42617 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42617/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42617/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42617 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a validation error when processing encapsulated packets sent to the VMBus communication channel. This can be exploited to cause the Hyper-V server and all guest virtual machines to stop responding via a specially crafted packet. Successful exploitation requires an attacker to have local logon privileges within a guest virtual machine. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits HP and techit.de. ORIGINAL ADVISORY: MS10-102 (KB2345316): http://www.microsoft.com/technet/security/bulletin/ms10-102.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 21:45:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 06:45:28 +0100 Subject: [SEC] [SA35796] SAP NetWeaver Business Client "SapThemeRepository" ActiveX Control Buffer Overflow Message-ID: <201012220545.oBM5jS3J027918@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Business Client "SapThemeRepository" ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA35796 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/35796/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=35796 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/35796/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/35796/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=35796 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SAP NetWeaver Business Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "SapThemeRepository" ActiveX control (sapwdpcd.dll) when processing the "Load" and "LoadTheme" methods and can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patch (please see SAP's security note 1519966). PROVIDED AND/OR DISCOVERED BY: Alexandr Polyakov and Alexey Sintsov, Digital Security Research Group, reported via ZDI. ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1519966 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-290/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 21 22:10:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 07:10:34 +0100 Subject: [SEC] [SA42631] Microsoft SharePoint Document Conversions Launcher Service Vulnerability Message-ID: <201012220610.oBM6AYqe016803@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft SharePoint Document Conversions Launcher Service Vulnerability SECUNIA ADVISORY ID: SA42631 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42631/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42631 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42631/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42631/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42631 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft SharePoint, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a validation error when processing SOAP requests sent to the Document Conversions Launcher service and can be exploited via a specially crafted request to upload and execute an arbitrary file on an affected server. Successful exploitation allows execution of arbitrary code in the context of a guest account, but requires the Document Conversions Load Balancer and Launcher service to be enabled (disabled by default). SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Oleksandr Mirosh, reported via ZDI. ORIGINAL ADVISORY: MS10-104 (KB2433089): http://www.microsoft.com/technet/security/bulletin/MS10-104.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-287/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 10:30:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 19:30:55 +0100 Subject: [SEC] [SA42709] JobAppr Multiple Vulnerabilities Message-ID: <201012221830.oBMIUt8C013529@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: JobAppr Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42709 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in JobAppr, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and SQL injection attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's username and password by tricking the administrator into visiting a malicious website. 2) Input passed to the "form_id" parameter in post.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed to the "title", "location", "description", and "company" parameters in post.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website. The vulnerabilities are reported in version 1.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse other website while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: giudinvx ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15804/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 11:30:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 20:30:30 +0100 Subject: [SEC] [SA42559] logrotate Privilege Escalation Security Issue Message-ID: <201012221930.oBMJUUDb003962@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: logrotate Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA42559 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42559/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42559 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42559/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42559/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42559 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in logrotate, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The logrotate utility does not properly handle symlinked files. This can be exploited to e.g. change the ownership and permissions of arbitrary files via symlink attacks. The security issue is confirmed in version 3.7.9. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug by Florian Zumbiehl. ORIGINAL ADVISORY: Debian Bug #388608: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388608 http://lists.debian.org/debian-qa/2010/11/msg00024.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 12:30:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 21:30:47 +0100 Subject: [SEC] [SA42701] CommunityManager.NET Authentication Bypass Vulnerability Message-ID: <201012222030.oBMKUl5Q026881@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CommunityManager.NET Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA42701 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42701/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42701 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42701/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42701/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42701 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sense of Security has reported a vulnerability in CommunityManager.NET, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to a validation error when identifying a user of web requests. This can be exploited to bypass the authentication mechanism by setting the "CMLogUserwww2" and "OnlineLearnUserwww2" cookie values to a valid user ID. Successful exploitation requires creating a valid ASP.NET session ID. The vulnerability is reported in version 6.7. Other versions may also be affected. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Sense of Security ORIGINAL ADVISORY: Sense of Security: http://www.senseofsecurity.com.au/advisories/SOS-10-004 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 13:30:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 22:30:38 +0100 Subject: [SEC] [SA42705] Joomla! JE Auto Component "view" Local File Inclusion Vulnerability Message-ID: <201012222130.oBMLUc86017352@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! JE Auto Component "view" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42705 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42705/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42705 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42705/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42705/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42705 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the JE Auto component for Joomla!, which can be exploited by malicious people to disclose sensitive information. Input passed via the "view" parameter to index.php (when "option" is set to "com_jeauto") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. The vulnerability is reported in version 1.1. Other versions may also be affected. SOLUTION: Update to version 1.2. PROVIDED AND/OR DISCOVERED BY: Sid3^effects OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 14:24:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 23:24:23 +0100 Subject: [SEC] [SA42641] WordPress Accept Signups Plugin "email" Script Insertion Vulnerability Message-ID: <201012222224.oBMMONPW007564@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress Accept Signups Plugin "email" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42641 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42641/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42641 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42641/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42641/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42641 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Accept Signups plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "email" parameter to wp-content/plugins/accept-signups/accept-signups_submit.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: clshack OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 14:45:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 22 Dec 2010 23:45:21 +0100 Subject: [SEC] [SA42697] Mitel Audio and Web Conferencing (AWC) Shell Command Injection Vulnerability Message-ID: <201012222245.oBMMjLs8028698@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mitel Audio and Web Conferencing (AWC) Shell Command Injection Vulnerability SECUNIA ADVISORY ID: SA42697 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42697/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42697 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42697/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42697/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42697 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Jan Fry has reported a vulnerability in Mitel Audio and Web Conferencing (AWC), which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "xsl" parameter to awcuser/cgi-bin/vcs is not properly sanitised before being used as a command line argument. This can be exploited to inject arbitrary shell commands. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Jan Fry, ProCheckUp ORIGINAL ADVISORY: ProCheckUp (PR10-14): http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-14 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 15:17:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 00:17:05 +0100 Subject: [SEC] [SA42724] Blue Coat Reporter OpenSSL Multiple Vulnerabilities Message-ID: <201012222317.oBMNH5MH018015@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat Reporter OpenSSL Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42724 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42724/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42724 RELEASE DATE: 2010-12-22 DISCUSS ADVISORY: http://secunia.com/advisories/42724/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42724/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42724 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged some vulnerabilities in Reporter, where one has unknown impacts and the others can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), potentially compromise an application using the library. For more information: SA40000 SA38807 SA38200 SA37291 SA35128 SA34411 SA28046 SOLUTION: Apply fixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SA50: https://kb.bluecoat.com/index?page=content&id=SA50 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 15:47:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 00:47:30 +0100 Subject: [SEC] [SA42713] Microsoft IIS FTP Server Pre-Authentication Memory Corruption Message-ID: <201012222347.oBMNlUGv007158@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft IIS FTP Server Pre-Authentication Memory Corruption SECUNIA ADVISORY ID: SA42713 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42713/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42713 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42713/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42713/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42713 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Matthew Bergin has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an error when processing FTP requests and can be exploited to corrupt memory via an overly long, specially crafted request. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in a fully patched IIS 7.5 for Windows 7 Professional. Other versions may also be affected. SOLUTION: Restrict traffic to the FTP service. PROVIDED AND/OR DISCOVERED BY: Matthew Bergin ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15803/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 16:12:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 01:12:47 +0100 Subject: [SEC] [SA42693] Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control Vulnerabilities Message-ID: <201012230012.oBN0Cler028499@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft WMI Administrative Tools WMI Object Viewer ActiveX Control Vulnerabilities SECUNIA ADVISORY ID: SA42693 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42693/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42693 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42693/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42693/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42693 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Microsoft WMI Administrative Tools, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to the "AddContextRef()" and "ReleaseContext()" methods in the WMI Object Viewer Control (WBEM.SingleViewCtrl.1) using a value passed in the "lCtxHandle" parameter as an object pointer. Successful exploitation allows execution of arbitrary code. The vulnerabilities are confirmed in version 1.1 (WBEMSingleView.ocx 1.50.1131.0). Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: WooYun Additional information about vulnerability in the "ReleaseContext()" method provided by Secunia Research. ORIGINAL ADVISORY: http://www.wooyun.org/bugs/wooyun-2010-01006 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 16:46:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 01:46:52 +0100 Subject: [SEC] [SA42691] Debian update for xpdf Message-ID: <201012230046.oBN0kqrA017824@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for xpdf SECUNIA ADVISORY ID: SA42691 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42691/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42691 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42691/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42691/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42691 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for xpdf. This fixes two vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system. For more information: SA41709 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA 2135-1: http://lists.debian.org/debian-security-announce/2010/msg00186.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 17:12:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 02:12:36 +0100 Subject: [SEC] [SA42733] Blue Coat Reporter OpenSSL Multiple Vulnerabilities Message-ID: <201012230112.oBN1CaH5006778@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat Reporter OpenSSL Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42733 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42733/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42733 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42733/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42733/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42733 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged some vulnerabilities in Reporter, where one has unknown impacts and the others can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), potentially compromise an application using the library. For more information: SA42724 SOLUTION: The vendor recommends to deploy the device behind a firewall and restrict access to trusted users only. ORIGINAL ADVISORY: SA50: https://kb.bluecoat.com/index?page=content&id=SA50 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 17:45:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 02:45:09 +0100 Subject: [SEC] [SA42730] IntegraXor "file_name" File Disclosure Vulnerability Message-ID: <201012230145.oBN1j9t7028440@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IntegraXor "file_name" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA42730 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42730 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42730/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42730/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42730 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in IntegraXor, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "file_name" parameter in "//open" (where "" is a valid project) is not properly verified before being used to display files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. Successful exploitation requires the IntegraXor Server to be started and running a project (off by default). The vulnerability is confirmed in version 3.6.4000.0. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/integraxor_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 18:10:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 03:10:32 +0100 Subject: [SEC] [SA42731] Red Hat update for git Message-ID: <201012230210.oBN2AWf8017358@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for git SECUNIA ADVISORY ID: SA42731 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42731/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42731 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42731/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42731/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42731 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for git. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA42645 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:1003-1: https://rhn.redhat.com/errata/RHSA-2010-1003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 18:25:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 03:25:02 +0100 Subject: [SEC] [SA42734] IntegraXor Insecure Library Loading Vulnerability Message-ID: <201012230225.oBN2P20m005799@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IntegraXor Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42734 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42734/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42734 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42734/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42734/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42734 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a IGX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.6.4000.0. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 18:45:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 03:45:17 +0100 Subject: [SEC] [SA42591] VMware ESXi Update Installer SFCB Authentication Security Bypass Message-ID: <201012230245.oBN2jHO2026896@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VMware ESXi Update Installer SFCB Authentication Security Bypass SECUNIA ADVISORY ID: SA42591 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42591/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42591 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42591/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42591/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42591 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in VMware ESXi, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the Update Installer incorrectly handling the SFCB authentication mode, which can lead to the SFCB authentication allowing arbitrary username and password combinations. Successful exploitation requires that ESXi 4.1 was upgraded from ESXi 3.5 or 4.0, the SFCB configuration file (/etc/sfcb/sfcb.cfg) was modified prior to the upgrade, and that the sfcbd daemon is running (default). The security issue is reported in version 4.1. SOLUTION: Follow the vendor's workaround. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: VMSA-2010-0020: http://www.vmware.com/security/advisories/VMSA-2010-0020.html VMware Knowledge Base Article #1031761: http://kb.vmware.com/kb/1031761 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 19:16:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 04:16:00 +0100 Subject: [SEC] [SA42609] Microsoft Windows BranchCache Insecure Library Loading Vulnerability Message-ID: <201012230316.oBN3G0gH016554@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows BranchCache Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42609 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42609/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42609 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42609/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42609/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42609 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to certain applications loading a BranchCache DLL library in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into e.g. opening .eml and .rss (Windows Live Mail) or .wpost (Microsoft Live Writer) files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply the patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Haifei Li, Fortinet's FortiGuard Labs. ORIGINAL ADVISORY: MS10-095 (KB2385678): http://www.microsoft.com/technet/security/bulletin/MS10-095.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 19:45:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 04:45:28 +0100 Subject: [SEC] [SA42608] PmWiki "from" Cross-Site Scripting Vulnerability Message-ID: <201012230345.oBN3jSYC005662@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PmWiki "from" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42608 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42608/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42608 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42608/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42608/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42608 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PmWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "from" parameter to pmwiki.php (when "n" is set to "Main.WikiSandbox") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.2.20. Prior versions may also be affected. SOLUTION: Update to version 2.2.21. PROVIDED AND/OR DISCOVERED BY: * The vendor credits DFaure. * Independently reported by dave b. ORIGINAL ADVISORY: PmWiki: http://www.pmwiki.org/wiki/PmWiki/ChangeLog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 20:10:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 05:10:28 +0100 Subject: [SEC] [SA42595] Mura CMS Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012230410.oBN4ASGd026966@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mura CMS Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42595 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42595/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42595 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42595/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42595/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42595 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Mura CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via e.g. the "fusebox.ajax" parameter to admin/view/layouts/template.cfm (when "myfusebox.originalcircuit" is set) and e.g. via the "rsEmail.site" parameter to default/includes/email/inc_email.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 5.3.3421. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Richard Brain , ProCheckUp ORIGINAL ADVISORY: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-09 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 20:25:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 05:25:02 +0100 Subject: [SEC] [SA42579] Fedora update for xfig Message-ID: <201012230425.oBN4P2il015411@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for xfig SECUNIA ADVISORY ID: SA42579 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42579/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42579 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42579/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42579/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42579 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for xfig. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA37571 SOLUTION: Apply updated packages using the yum utility ("yum update xfig"). ORIGINAL ADVISORY: FEDORA-2010-18589: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052247.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 20:45:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 05:45:33 +0100 Subject: [SEC] [SA42527] Microsoft Remote Access Phonebook Insecure Executable Loading Vulnerability Message-ID: <201012230445.oBN4jXAm004100@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Remote Access Phonebook Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA42527 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42527/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42527 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42527/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42527/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42527 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Remote Access Phonebook (rasphone.exe) loading the Microsoft HTML Help application (hh.exe) in an insecure manner and can be exploited by tricking a user into e.g. opening a PBK file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires some user interaction. The vulnerability is confirmed on a fully patched Windows XP SP3 system. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 21:10:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 06:10:35 +0100 Subject: [SEC] [SA42532] Red Hat HelixPlayer Multiple Vulnerabilities Message-ID: <201012230510.oBN5AZQK025431@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat HelixPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42532 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42532/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42532 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42532/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42532/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42532 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged multiple vulnerabilities in HelixPlayer, which can be exploited by malicious people to compromise a user's system. For more information: SA42565 The vulnerabilities are reported in HelixPlayer 1.0.6 as shipped with Red Hat Desktop 4 and Red Hat Enterprise Linux AS 4, ES 4, and WS 4. SOLUTION: The vendor recommends to no longer use the affected package. ORIGINAL ADVISORY: RHSA-2010:0981-1: http://rhn.redhat.com/errata/RHSA-2010-0981.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 21:25:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 06:25:59 +0100 Subject: [SEC] [SA42639] IBM Tivoli Storage Manager (TSM) Client Multiple Vulnerabilities Message-ID: <201012230525.oBN5PxZ1013909@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Storage Manager (TSM) Client Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42639 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42639/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42639 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42639/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42639/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42639 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious, local users to gain escalated privileges and by malicious users to compromise a vulnerable system. 1) A boundary error exists within the "GeneratePassword()" function in dsmtca. This can be exploited to cause a stack-based buffer overflow and gain escalated privileges. 2) An unspecified error in the backup-archive clients can be exploited to overwrite certain files. 3) An error within the Hierarchical Storage Management client can be exploited to execute arbitrary commands and e.g. read, copy, modify, or delete arbitrary files. Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: 1) Peter Wilhelmsen and Daniel Kalici, Kryptos Logic. 2, 3) Reported by the vendor. ORIGINAL ADVISORY: IBM (IC65491, IC66686, IC69150) http://www-01.ibm.com/support/docview.wss?uid=swg21454745 http://www-01.ibm.com/support/docview.wss?uid=swg24028681 http://www-01.ibm.com/support/docview.wss?uid=swg24028090 http://www-01.ibm.com/support/docview.wss?uid=swg24027432 http://www-01.ibm.com/support/docview.wss?uid=swg24024082 Kryptos Logic: http://www.kryptoslogic.com/advisories/2010/kryptoslogic-ibm-tivoli-dsmtca.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 21:45:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 06:45:39 +0100 Subject: [SEC] [SA42640] TIBCO Products ActiveMatrix Runtime JMX Connections Code Execution Vulnerability Message-ID: <201012230545.oBN5jd7w002537@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TIBCO Products ActiveMatrix Runtime JMX Connections Code Execution Vulnerability SECUNIA ADVISORY ID: SA42640 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42640/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42640 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42640/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42640/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42640 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple TIBCO products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error in the ActiveMatrix Runtime component when handling JMX connections and can be exploited to execute arbitrary code. The vulnerability is reported in the following products: * TIBCO ActiveMatrix Service Grid versions 3.0.0, 3.0.1, and 3.1.0 * TIBCO ActiveMatrix Service Bus versions 3.0.0 and 3.0.1 * TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.0 * TIBCO ActiveMatrix BPM versions 1.0.1 and 1.0.2 * TIBCO Silver BPM Service version 1.0.1 * TIBCO Silver CAP Service version 1.0.0 SOLUTION: Update to the latest version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 22 22:10:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 07:10:09 +0100 Subject: [SEC] [SA42625] cPanel Exim Multiple Vulnerabilities Message-ID: <201012230610.oBN6A9gZ023876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: cPanel Exim Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42625 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42625/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42625 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42625/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42625/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42625 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: cPanel has acknowledged some vulnerabilities in Exim, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA40019 SOLUTION: Apply patches available via cPanel's package management system. ORIGINAL ADVISORY: http://www.cpanel.net/2010/12/exim-remote-memory-corruption-vulnerability-notification-cve-2010-4344.html http://www.cpanel.net/2010/12/critical-exim-security-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 10:30:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 19:30:14 +0100 Subject: [SEC] [SA42369] TheHostingTool "updateResource()" SQL Injection Vulnerability Message-ID: <201012231830.oBNIUEGq006678@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TheHostingTool "updateResource()" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42369 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42369/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42369 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42369/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42369/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42369 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered a vulnerability in TheHostingTool, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via arbitrary parameter names to admin/index.php is not properly sanitised in the "updateResource()" function in includes/class_db.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "Home" permissions in the Admin Area and requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.2.2. Other versions may also be affected. SOLUTION: Update to version 1.2.3. PROVIDED AND/OR DISCOVERED BY: Russ McRee, via Secunia. ORIGINAL ADVISORY: TheHostingTool: http://thehostingtool.com/forum/thread-1087.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 11:30:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 20:30:13 +0100 Subject: [SEC] [SA42716] Fedora update for seamonkey Message-ID: <201012231930.oBNJUD8A029559@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for seamonkey SECUNIA ADVISORY ID: SA42716 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42716/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42716 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42716/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42716/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42716 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for seamonkey. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA42518 SOLUTION: Apply updated packages using the yum utility ("yum update seamonkey"). ORIGINAL ADVISORY: FEDORA-2010-18890: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052502.html FEDORA-2010-18920: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052504.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 12:30:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 21:30:27 +0100 Subject: [SEC] [SA42717] Built2Go PHP Shopping "cat" SQL Injection Vulnerability Message-ID: <201012232030.oBNKUR3A020069@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Built2Go PHP Shopping "cat" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42717 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42717/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42717 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42717/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42717/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42717 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Built2Go PHP Shopping, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "cat" parameter to product.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.7.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Br0ly OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 13:30:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 22:30:11 +0100 Subject: [SEC] [SA42667] Debian update for tor Message-ID: <201012232130.oBNLUBxr010527@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for tor SECUNIA ADVISORY ID: SA42667 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42667/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42667 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42667/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42667/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42667 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tor. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42536 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2136-1: http://lists.debian.org/debian-security-announce/2010/msg00187.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 14:24:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 23:24:41 +0100 Subject: [SEC] [SA42687] YPNinc Realty Classifieds "id" SQL Injection Vulnerability Message-ID: <201012232224.oBNMOfrf000720@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: YPNinc Realty Classifieds "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42687 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42687/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42687 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42687/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42687/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42687 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in YPNinc Realty Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to gmap.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Br0ly OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 14:45:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 23 Dec 2010 23:45:20 +0100 Subject: [SEC] [SA42735] Drupal Image Module Unspecified Script Insertion Vulnerability Message-ID: <201012232245.oBNMjKve021896@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Image Module Unspecified Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42735 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Image module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 6.x-1.1, 5.x-2.0, and 5.x-1.10. SOLUTION: Update to the latest versions. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Justin Klein Keane. ORIGINAL ADVISORY: SA-CONTRIB-2010-113: http://drupal.org/node/1005578 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 15:15:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 00:15:44 +0100 Subject: [SEC] [SA42700] Drupal oEmbed Module Security Bypass Vulnerability Message-ID: <201012232315.oBNNFivw011145@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal oEmbed Module Security Bypass Vulnerability SECUNIA ADVISORY ID: SA42700 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42700 RELEASE DATE: 2010-12-23 DISCUSS ADVISORY: http://secunia.com/advisories/42700/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42700/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42700 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the oEmbed module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. An error in the handling of access permissions when embedding a node via an external site can be exploited to embed otherwise restricted content. Successful exploitation requires that the affected site uses the oEmbed Provider sub-module. The vulnerability is reported in versions prior to 6.x-0.8. SOLUTION: Update to version 6.x-0.8. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Benjamin Doherty. ORIGINAL ADVISORY: SA-CONTRIB-2010-112: http://drupal.org/node/999412 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 15:47:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 00:47:36 +0100 Subject: [SEC] [SA42684] Linux Kernel "irda_getsockopt()" Integer Underflow Weakness Message-ID: <201012232347.oBNNla1M032756@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel "irda_getsockopt()" Integer Underflow Weakness SECUNIA ADVISORY ID: SA42684 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42684/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42684 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42684/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42684/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42684 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dan Rosenberg has reported a weakness in the Linux Kernel, which can be exploited by malicious, local users to disclose system information. The weakness is caused due to an integer underflow within the "irda_getsockopt()" function in net/irda/af_irda.c and can be exploited to e.g. disclose kernel memory via a specially crafted "IRLMP_ENUMDEVICES" getsockopt. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: http://www.spinics.net/lists/netdev/msg150842.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 16:14:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 01:14:11 +0100 Subject: [SEC] [SA39880] IBM Lotus Notes Traveler Multiple Vulnerabilities Message-ID: <201012240014.oBO0EBVe021756@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Lotus Notes Traveler Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39880 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/39880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM Lotus Notes Traveler, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The Traveler server does not properly apply certain policies to mobile users from a different domain than the Traveler server, which can be exploited to bypass intended policies. Successful exploitation requires a multi-domain environment and that the attacker has credentials to a domain different than the Traveler server. 3) The Nokia client does not properly restrict users from using the "Replace Data" functionality to e.g. sync forbidden applications. 4) An error exists within the processing of documents containing an malformed item, which can be exploited to stop a sync process from finishing correctly. SOLUTION: Update to version 8.5.1.3. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2, 3, 4) The vendor credits customers. ORIGINAL ADVISORY: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_851_FP3_Release_Notes 2) LO49967: http://www-01.ibm.com/support/docview.wss?uid=swg1LO49967 3) LO53572: http://www-01.ibm.com/support/docview.wss?uid=swg1LO53572 4) LO51818: http://www-01.ibm.com/support/docview.wss?uid=swg1LO51818 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 16:47:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 01:47:24 +0100 Subject: [SEC] [SA42612] Microsoft Windows win32k.sys Driver Multiple Vulnerabilities Message-ID: <201012240047.oBO0lOCC011033@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42612 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42612/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42612 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42612/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42612/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42612 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. 1) A memory allocation error in the "win32k.sys" driver when copying data from user mode can be exploited to execute code in the kernel. 2) A double-free error in the "win32k.sys" driver when handling PFE objects can be exploited to execute code in the kernel. 3) A second double-free error in the "win32k.sys" driver when running 16-bit programs can be exploited to execute code in the kernel. 4) A memory allocation error in the "win32k.sys" driver when copying data from user mode can be exploited to execute code in the kernel. 5) A logic error in the "win32k.sys" driver when linking driver object may lead to a corrupted linked list. 6) An input validation error in the "xxxRealDefWindowProc()" function (win32k.sys) when processing the WM_GETTEXT window message can be exploited to write a NULL byte to an arbitrary memory location. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 6) St?fan Le Berre, Sysdream. The vendor also credits: 3 - 5) Tarjei Mandt, Norman 6) Tarjei Mandt, Norman. ORIGINAL ADVISORY: MS10-098 http://www.microsoft.com/technet/security/bulletin/ms10-098.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 17:13:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 02:13:23 +0100 Subject: [SEC] [SA42638] Citrix Access Gateway Legacy Authentication Command Injection Vulnerability Message-ID: <201012240113.oBO1DN7w032405@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Citrix Access Gateway Legacy Authentication Command Injection Vulnerability SECUNIA ADVISORY ID: SA42638 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42638/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42638 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42638/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42638/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42638 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Citrix Access Gateway, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the NT4 authentication component when using Access Gateway Enterprise or the NTLM authentication component when using Access Gateway Standard Edition not properly sanitising certain input before passing it as command line argument to the Samba "samedit" utility. This can be exploited to inject and execute arbitrary commands as the "root" user. The vulnerability is reported in the following products and versions: * Access Gateway 4.5 Advanced Edition * Access Gateway 4.5 Standard Edition * Access Gateway 4.6 Advanced Edition * Access Gateway 4.6 Standard Edition * Access Gateway 8.0 Enterprise Edition * Access Gateway 8.1 Enterprise Edition * Access Gateway 9.0 Enterprise Edition * Access Gateway 9.1 Enterprise Edition * Access Gateway 9.2 Enterprise Edition * Access Gateway VPX 4.6 SOLUTION: The vendor has deprecated the affected authentication methods. Migrate to a different authentication method. PROVIDED AND/OR DISCOVERED BY: George D. Gal, VSR ORIGINAL ADVISORY: Citrix CTX127613: http://support.citrix.com/article/CTX127613 VSR: http://www.vsecurity.com/resources/advisory/20101221-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 17:45:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 02:45:39 +0100 Subject: [SEC] [SA42611] Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability Message-ID: <201012240145.oBO1jdY2021652@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Internet Connection Signup Wizard Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA42611 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42611/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42611 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42611/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42611/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42611 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the the Internet Connection Signup Wizard loading libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a .ins or .isp file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply the patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Muhaimin Dzulfakar, NGS Software. ORIGINAL ADVISORY: MS10-097 (KB2443105). http://www.microsoft.com/technet/security/bulletin/MS10-097.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 18:11:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 03:11:28 +0100 Subject: [SEC] [SA35600] Microsoft Office Graphics Filters Multiple Vulnerabilities Message-ID: <201012240211.oBO2BSOJ010591@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Office Graphics Filters Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35600 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/35600/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=35600 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/35600/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/35600/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=35600 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) A validation error in the CGM Filter (CGMIMP32.FLT) when allocating memory can be exploited to cause a buffer overflow via a specially crafted CGM image file. 2) An integer truncation error in the PICT import filter (PICTIM32.FLT) can be exploited to cause a heap-based buffer overflow by tricking a user into importing a specially crafted PICT file. 3) An input validation error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when copying certain data can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. 4) An input validation error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when copying certain data after having encountered a specific error can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF image. 5) An error in the TIFF Import/Export Graphic Filter (TIFFIM32.FLT) when converting the endianess of certain data can be exploited to corrupt memory via a specially crafted TIFF image. 6) An error due to missing input validation within a library used by the bundled Microsoft Office Document Imaging application when converting certain data during parsing of TIFF images can be exploited to corrupt memory via a TIFF image containing specially crafted IFD entries. 7) A boundary error in the FlashPix image converter when parsing OLE property sets with a long entry can be exploited to cause a stack-based buffer overflow. 8) A boundary error in the FlashPix image converter when parsing overly large tile data can be exploited to cause a buffer overflow in the data section of the process memory space. 9) A boundary error in the FlashPix image converter when parsing overly large tile data can be exploited to cause a stack-based buffer overflow. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Yamata Li, Palo Alto Networks 2) Alin Rad Pop, Secunia Research The vendor also credits Yamata Li, Palo Alto Networks. 3, 4, 5, 6) Carsten Eiram, Secunia Research 7, 8, 9) Dyon Balding, Secunia Research ORIGINAL ADVISORY: MS10-105 (KB2288931, KB2289078, KB2289162, KB2289163, KB2431831, KB2456849): http://www.microsoft.com/technet/security/bulletin/ms10-105.mspx Secunia Research: http://secunia.com/secunia_research/2009-30/ http://secunia.com/secunia_research/2009-31/ http://secunia.com/secunia_research/2009-32/ http://secunia.com/secunia_research/2009-33/ http://secunia.com/secunia_research/2009-34/ http://secunia.com/secunia_research/2009-39/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 18:45:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 03:45:31 +0100 Subject: [SEC] [SA42606] BlogCFC Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012240245.oBO2jVJ1032314@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BlogCFC Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42606 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42606/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42606 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42606/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42606/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42606 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in BlogCFC, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "ATTRIBUTES.TITLE" parameter to tags/podlayout.cfm, via the "attributes.class" parameter to tags/textarea.cfm, via the URL to tags/getpods.cfm, via the "errorMessage" parameter and via the URL to includes/pods/subscribe.cfm, via the "errorMessage" parameter and via the URL to index.cfm, and via the URL to search.cfm, stats.cfm and statsbyyear.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 5.9.6.001. Prior versions may also be affected. SOLUTION: Update to version 5.9.6.004 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits ProCheckup ORIGINAL ADVISORY: BlogCFC: http://news.blogcfc.com/index.cfm/2010/5/19/BlogCFC-Update ProCheckup: http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-10 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 19:16:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 04:16:12 +0100 Subject: [SEC] [SA42652] Oracle Solaris Firefox Multiple Vulnerabilities Message-ID: <201012240316.oBO3GCUL023121@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42652 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42652/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42652 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42652/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42652/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42652 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in Firefox included in Solaris, which can be exploited by malicious people to conduct spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. For more information: SA39925 SA40283 SA40309 SA41244 SA41297 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_firefox_browser OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 19:46:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 04:46:14 +0100 Subject: [SEC] [SA42597] MantisBT "db_type" Cross-Site Scripting and Local File Inclusion Vulnerabilities Message-ID: <201012240346.oBO3kErw012242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MantisBT "db_type" Cross-Site Scripting and Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA42597 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42597/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42597 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42597/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42597/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42597 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has reported some vulnerabilities in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Input passed via the "db_type" parameter to admin/upgrade_unattended.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "db_type" parameter to admin/upgrade_unattended.php is not properly verified before being used to include files. This can be exploited to include arbitrary file from local resources via directory traversal sequences and URL-encoded NULL bytes. NOTE: Successful exploitation requires that installation best-practices have not been followed and the "admin" directory has not been deleted after a successful installation. The vulnerabilities are reported in versions prior to 1.2.4. SOLUTION: Update to version 1.2.4. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab. ORIGINAL ADVISORY: MantisBT: http://www.mantisbt.org/bugs/changelog_page.php?project=mantisbt&version=1.2.4 http://www.mantisbt.org/bugs/view.php?id=12607 Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4983.php http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4984.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 20:10:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 05:10:35 +0100 Subject: [SEC] [SA42566] F-Secure Products Unspecified Vulnerability Message-ID: <201012240410.oBO4AZhm001072@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: F-Secure Products Unspecified Vulnerability SECUNIA ADVISORY ID: SA42566 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42566/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42566 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42566/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42566/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42566 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in various F-Secure products, which can be exploited to compromise a user's system. The vulnerability is caused due to an unspecified error, which can be exploited to trick a system into executing a binary file located on a disk resource accessible by the target system. SOLUTION: Apply patches. Patches are also distributed via the automatic update channel. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Simon Raner, ACROS Security ORIGINAL ADVISORY: F-Secure Security Advisory FSC-2010-4: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-4.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 20:24:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 05:24:53 +0100 Subject: [SEC] [SA42610] OpenVMS Integrity Servers Privilege Escalation Vulnerability Message-ID: <201012240424.oBO4OrFm021954@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenVMS Integrity Servers Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA42610 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42610/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42610 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42610/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42610/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42610 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenVMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. The vulnerability is caused due to an unspecified error and can be exploited to gain privileged access to system resources or cause a DoS. No further information is currently available. The vulnerability is reported in version 8.3, 8.3-1H1, and 8.4 running on the Itanium platform. SOLUTION: Apply Mandatory Update Patch (MUP) kits. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBOV02618 SSRT100354: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02656471 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 20:45:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 05:45:36 +0100 Subject: [SEC] [SA42528] Wonderware InBatch / Foxboro I/A Series "lm_tcp" Buffer Overflow Vulnerability Message-ID: <201012240445.oBO4jaaa010661@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Wonderware InBatch / Foxboro I/A Series "lm_tcp" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42528 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42528/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42528 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42528/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42528/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42528 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Wonderware InBatch and Foxboro I/A Series Batch, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "lm_tcp" service, which can be exploited to cause a buffer overflow and e.g. write 16bits with the value 0 (0x0000) to an arbitrary memory location by sending a specially crafted packet to port 9001. The vulnerability is reported in Wonderware InBatch version 9.0sp1 running "lm_tcp" version 9.0.0 0248.18.0.0 and is also reported in Wonderware InBatch 8.1 and I/A Series Batch 8.1. Other versions may also be affected. SOLUTION: Apply patches when available. See vendor's advisory for possible mitigation steps. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/inbatch_1-adv.txt Invensys: http://iom.invensys.com/EN/Pages/IOM_CyberSecurityUpdates.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 21:10:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 06:10:54 +0100 Subject: [SEC] [SA42654] Drupal For Firebug Module Cross-Site Request Forgery Vulnerability Message-ID: <201012240510.oBO5Asv7031992@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal For Firebug Module Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42654 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42654/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42654 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42654/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42654/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42654 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Drupal For Firebug module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. submit and execute arbitrary PHP code by tricking an administrative user into visiting a malicious web site. The vulnerability is reported in versions prior to 6.x-1.4 and 5.x-1.5. SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits mr.baileys, Drupal security team. ORIGINAL ADVISORY: SA-CONTRIB-2010-110: http://drupal.org/node/999282 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 21:44:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 06:44:56 +0100 Subject: [SEC] [SA42601] HP Insight Diagnostics Online Edition Cross-Site Scripting Vulnerability Message-ID: <201012240544.oBO5iuhV021300@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Diagnostics Online Edition Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42601 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42601/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42601 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42601/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42601/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42601 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Insight Diagnostics Online Edition, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in HP Insight Diagnostics Online Edition prior to version 8.5.1.3712. SOLUTION: Update to HP Insight Diagnostics Online Edition version 8.5.1.3712 from the HP ProLiant Support Pack 8.6. PROVIDED AND/OR DISCOVERED BY: The vendor credits ProCheckUp Ltd. ORIGINAL ADVISORY: HPSBMA02615 SSRT100228: https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02652463 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 23 22:10:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 07:10:45 +0100 Subject: [SEC] [SA42660] Aesop GIF Creator Aesop Project File Processing Buffer Overflow Vulnerability Message-ID: <201012240610.oBO6Aj3U010238@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Aesop GIF Creator Aesop Project File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42660 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42660/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42660 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42660/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42660/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42660 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: xsploitedsec has discovered a vulnerability in Aesop GIF Creator, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the "Picture=" property in an Aesop project file (.aep), which can be exploited to cause a stack-based buffer overflow by tricking a user into opening a malicious Aesop project file. The vulnerability is confirmed in version 2.1.841. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: xsploitedsec ORIGINAL ADVISORY: http://x-sploited.com/2010/12/15/poc-aesop-gif-creator/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 10:30:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 19:30:12 +0100 Subject: [SEC] [SA42746] SUSE update for Multiple Packages Message-ID: <201012241830.oBOIUCnR031312@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA42746 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42746/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42746 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42746/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42746/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42746 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes a security issue and some vulnerabilities where some have an unknown impact and others can be exploited by malicious users to conduct spoofing and script insertion attacks and cause a DoS (Denial of Service) and by malicious people conduct spoofing attacks, bypass certain security restrictions, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA37977 SA39528 SA39937 SA40148 SA40775 SA41381 SA41596 SA41652 SA41755 SA41968 SA41978 SA42373 SA42396 SA42426 SA42653 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:024: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 11:30:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 20:30:44 +0100 Subject: [SEC] [SA42743] Fedora update for git Message-ID: <201012241930.oBOJUivt021812@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for git SECUNIA ADVISORY ID: SA42743 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42743/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42743 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42743/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42743/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42743 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for git. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA42645 SOLUTION: Apply updated packages using the yum utility ("yum update git"). ORIGINAL ADVISORY: FEDORA-2010-18981: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052518.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 12:30:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 21:30:09 +0100 Subject: [SEC] [SA42699] Rocket U2 UniVerse / UniData Uni RPC Service Signedness Vulnerability Message-ID: <201012242030.oBOKU9GH012287@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Rocket U2 UniVerse / UniData Uni RPC Service Signedness Vulnerability SECUNIA ADVISORY ID: SA42699 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42699/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42699 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42699/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42699/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42699 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Rocket U2 UniVerse and UniData, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a signedness error in unirpc32.dll when processing a size value from the Uni RPC protocol packet header. This can be exploited to cause a heap-based buffer overflow via a specially crafted request sent to the Uni RPC service (unirpcd.exe) on e.g. TCP port 31438. Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. The vulnerability is reported in the following products: * Rocket U2 UniVerse versions prior to 10.3.9. * Rocket U2 UniData versions prior to 7.2.8. SOLUTION: Reportedly fixed in UniVerse 10.3.9 and in UniData 7.2.8. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta, reported via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-294/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 13:30:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 22:30:45 +0100 Subject: [SEC] [SA42741] Redmine Multiple Vulnerabilities Message-ID: <201012242130.oBOLUjjn002754@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Redmine Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42741 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42741/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42741 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42741/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42741/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42741 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Redmine, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct script insertion attacks and compromise a vulnerable system. 1) An unspecified error can be exploited by authenticated users to gain access to potentially sensitive information. This vulnerability is reported in versions 1.0.x prior to 1.0.5. 2) Certain unspecified input is not properly sanitised in the textile formatter before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed. This vulnerability is reported in all versions prior to 1.0.5. 3) An unspecified error within the bazaar repository adapter can be exploited to inject and execute arbitrary shell commands. This vulnerability is reported in versions 0.9.x and 1.0.x prior to 1.0.5. SOLUTION: Update to version 1.0.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits joernchen of Phenoelit. ORIGINAL ADVISORY: Redmine: http://www.redmine.org/news/49 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 14:24:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 23:24:28 +0100 Subject: [SEC] [SA42729] Slackware update for php Message-ID: <201012242224.oBOMOSLS025386@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Slackware update for php SECUNIA ADVISORY ID: SA42729 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42729/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42729 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42729/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42729/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42729 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for php. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). For more information: SA41724 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2010-357-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.490619 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 14:46:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 24 Dec 2010 23:46:33 +0100 Subject: [SEC] [SA42739] Embedthis Appweb Cross-Site Scripting Vulnerability Message-ID: <201012242246.oBOMkXI8014160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Embedthis Appweb Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42739 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42739/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42739 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42739/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42739/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42739 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has reported a vulnerability in Embedthis Appweb, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website. The vulnerability is reported in version 3.2.2. Prior versions may also be affected. SOLUTION: Update to version 3.2.3. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab ORIGINAL ADVISORY: Embedthis Appweb ChangeLog: http://appwebserver.org/products/appweb/doc/product/changeLog.html#r3.2.3 Gjoko Krstic: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4985.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 15:16:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 00:16:16 +0100 Subject: [SEC] [SA42715] Django Two Security Issues Message-ID: <201012242316.oBONGGuw003361@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Django Two Security Issues SECUNIA ADVISORY ID: SA42715 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42715/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42715 RELEASE DATE: 2010-12-24 DISCUSS ADVISORY: http://secunia.com/advisories/42715/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42715/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42715 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues have been reported in Django, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service). 1) The Django "django.contrib.admin" administrative interface support does not properly filter lookup arguments passed via the query string, which can be exploited to e.g. gain access to sensitive information. Successful exploitation of this security issue requires access to the administrative interface. 2) The Djanog "django.contrib.auth" authentication support does not restrict the maximum size of the base36 integer part of password reset tokens, which can cause a high CPU consumption by sending multiple specially crafted password reset tokens. SOLUTION: Update to version 1.1.3 or 1.2.4. PROVIDED AND/OR DISCOVERED BY: 1) Adam Baldwin 2) The vendor credits Paul McMillan ORIGINAL ADVISORY: Django Project: http://www.djangoproject.com/weblog/2010/dec/22/security/ 1) Adam Baldwin: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0580.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 15:48:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 00:48:54 +0100 Subject: [SEC] [SA42744] Fedora update for ImageMagick Message-ID: <201012242348.oBONmsI4025017@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for ImageMagick SECUNIA ADVISORY ID: SA42744 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42744/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42744 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42744/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42744/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42744 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ImageMagick. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA42497 SOLUTION: Apply updated packages using the yum utility ("yum update ImageMagick"). ORIGINAL ADVISORY: FEDORA-2010-19025: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052515.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 16:14:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 01:14:46 +0100 Subject: [SEC] [SA42745] Fedora update for kernel Message-ID: <201012250014.oBP0Ekmc013985@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA42745 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42745/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42745 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42745/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42745/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42745 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS. For more information: SA41650 SA41693 SA42035 SA42172 SA42176 SA42187 SA42354 1) An error within the SCTP implementation when handling HMAC calculations can be exploited to cause a crash by sending specially crafted network traffic. mod, dos, rem SOLUTION: Apply updated packages via the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2010-18983: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 16:48:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 01:48:18 +0100 Subject: [SEC] [SA42642] Red Hat update for java-1.6.0-ibm Message-ID: <201012250048.oBP0mI3I003246@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-ibm SECUNIA ADVISORY ID: SA42642 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42642/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42642 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42642/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42642/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42642 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0987-1: https://rhn.redhat.com/errata/RHSA-2010-0987.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 17:15:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 02:15:08 +0100 Subject: [SEC] [SA42603] HP Insight Management Agents Path Disclosure Weakness Message-ID: <201012250115.oBP1F8M8024668@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Management Agents Path Disclosure Weakness SECUNIA ADVISORY ID: SA42603 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42603/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42603 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42603/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42603/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42603 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in HP Insight Management Agents, which can be exploited by malicious people to disclose potentially system information. The weakness is caused due to an unspecified error and can be exploited to disclose the absolute path of the application. The weakness is reported in versions prior to 8.6 running on Linux and Windows. SOLUTION: Update to version 8.6. PROVIDED AND/OR DISCOVERED BY: The vendor credits ProCheckUp Ltd. ORIGINAL ADVISORY: HPSBMA02616 SSRT100231: https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02653973 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 17:46:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 02:46:49 +0100 Subject: [SEC] [SA42583] HP StorageWorks Modular Smart Array P2000 G3 Undocumented Account Security Issue Message-ID: <201012250146.oBP1kn97013861@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP StorageWorks Modular Smart Array P2000 G3 Undocumented Account Security Issue SECUNIA ADVISORY ID: SA42583 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42583/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42583 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42583/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42583/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42583 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in HP StorageWorks Modular Smart Array P2000, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the appliance including an undocumented "admin" account with default credentials, which can be exploited to gain access to the management interface of an affected device. The security issue is reported in HP StorageWorks Modular Smart Array P2000 G3 FC with firmware version TS201R015. Other versions may also be affected. SOLUTION: Apply the workaround (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: hpdisclosure(at)anonmail(dot)de ORIGINAL ADVISORY: hpdisclosure(at)anonmail(dot)de: http://archives.neohapsis.com/archives/bugtraq/2010-12/0104.html HPSBST02620 SSRT100356: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02660754 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 18:11:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 03:11:32 +0100 Subject: [SEC] [SA42651] Drupal Views Module Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012250211.oBP2BWjo002742@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Views Module Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42651 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42651/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42651 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42651/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42651/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42651 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Views module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 6.x-2.12. SOLUTION: Update to version 6.x-2.12 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Alexander Kirienko. ORIGINAL ADVISORY: SA-CONTRIB-2010-111: http://drupal.org/node/999380 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 18:46:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 03:46:46 +0100 Subject: [SEC] [SA42681] SUSE update for java-1_4_2-ibm and IBMJava2-JRE Message-ID: <201012250246.oBP2kkYs024537@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for java-1_4_2-ibm and IBMJava2-JRE SECUNIA ADVISORY ID: SA42681 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42681/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42681 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42681/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42681/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42681 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_4_2-ibm and IBMJava2-JRE. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:061: http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 19:17:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 04:17:22 +0100 Subject: [SEC] [SA42657] BlackBerry Desktop Software Backup File Brute Force Weakness Message-ID: <201012250317.oBP3HMSC014181@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BlackBerry Desktop Software Backup File Brute Force Weakness SECUNIA ADVISORY ID: SA42657 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42657/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42657 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42657/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42657/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42657 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in BlackBerry Desktop Software, which can be exploited by malicious people to conduct brute force attacks. The application generates database backup files with insufficient encryption, which can be exploited to decrypt the backup file via brute force attacks. The weakness is reported in version 6.0. SOLUTION: Update to version 6.0.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits ElcomSoft. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/KB24764 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 19:47:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 04:47:19 +0100 Subject: [SEC] [SA42661] BlackBerry Desktop Software Backup File Brute Force Weakness Message-ID: <201012250347.oBP3lJF3003297@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BlackBerry Desktop Software Backup File Brute Force Weakness SECUNIA ADVISORY ID: SA42661 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42661/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42661 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42661/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42661/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42661 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in BlackBerry Desktop Software, which can be exploited by malicious people to conduct brute-force attacks. For more information: SA42657 The weakness is reported in 1.0. SOLUTION: Upgrade to version 2.0. PROVIDED AND/OR DISCOVERED BY: The vendor credits ElcomSoft. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/KB24764 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 20:12:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 05:12:27 +0100 Subject: [SEC] [SA42671] Slackware update for bind Message-ID: <201012250412.oBP4CRT2024634@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Slackware update for bind SECUNIA ADVISORY ID: SA42671 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42671/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42671 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42671/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42671/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42671 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Slackware has issued an update for bind. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions or cause a DoS (Denial of Service). For more information: SA42374 SA42435 SA42458 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SSA:2010-350-01: http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.622190 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 20:47:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 05:47:18 +0100 Subject: [SEC] [SA42662] Pointter PHP Content Management System Authentication Security Bypass Message-ID: <201012250447.oBP4lIw3013982@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pointter PHP Content Management System Authentication Security Bypass SECUNIA ADVISORY ID: SA42662 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42662/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42662 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42662/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42662/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42662 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mark Stanislav has discovered a vulnerability in Pointter PHP Content Management System, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism in the administrative interface, which can be exploited to bypass the authentication mechanism by setting the "auser" and "apass" cookies to an arbitrary value e.g. in admin/menu.php. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Restrict access to the admin folder (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Mark Stanislav ORIGINAL ADVISORY: http://www.uncompiled.com/2010/12/pointter-php-content-management-system-unauthorized-privilege-escalation-cve-2010-4332/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 21:12:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 06:12:16 +0100 Subject: [SEC] [SA42647] BEdita Cross-Site Request Forgery Vulnerability Message-ID: <201012250512.oBP5CGCY002859@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BEdita Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42647 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42647/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42647 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42647/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42647/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42647 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in BEdita, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 3.1.3069. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge ORIGINAL ADVISORY: HTB22729: http://www.htbridge.ch/advisory/xsrf_csrf_in_bedita.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 21:46:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 06:46:57 +0100 Subject: [SEC] [SA42658] OpenSC Serial Number Processing Buffer Overflow Vulnerabilities Message-ID: <201012250546.oBP5kvAs024620@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenSC Serial Number Processing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42658 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42658/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42658 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42658/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42658/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42658 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in OpenSC, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors in the "acos_get_serialnr()", "acos5_get_serialnr()", and "starcos_get_serialnr()" functions when reading out the serial number of smart cards. This can be exploited to cause buffer overflows via a specially crafted smart card. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in version 0.11.13. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Rafael Dominguez Vega, MWR InfoSecurity ORIGINAL ADVISORY: OpenSC: https://www.opensc-project.org/opensc/changeset/4913 MWR InfoSecurity: http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 24 22:11:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 07:11:31 +0100 Subject: [SEC] [SA42659] PCSC-Lite "ATRDecodeAtr()" Buffer Overflow Vulnerability Message-ID: <201012250611.oBP6BVAB013517@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PCSC-Lite "ATRDecodeAtr()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42659 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42659/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42659 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42659/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42659/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42659 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in PCSC-Lite, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ATRDecodeAtr()" function in src/atrhandler.c, which can be exploited to cause a buffer overflow via a specially crafted ATR sent by a malicious smart card. The vulnerability is reported in versions 1.5.3. Other versions may also be affected. SOLUTION: Update to version 1.6.6. PROVIDED AND/OR DISCOVERED BY: Rafael Dominguez Vega, MWR Info Security ORIGINAL ADVISORY: http://labs.mwrinfosecurity.com/files/Advisories/mwri_pcsc-atr-handler-buffer-overflow_2010-12-13.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 10:31:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 19:31:53 +0100 Subject: [SEC] [SA42634] Pointter PHP Micro-Blogging Social Network Authentication Security Bypass Message-ID: <201012251831.oBPIVrI9002161@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pointter PHP Micro-Blogging Social Network Authentication Security Bypass SECUNIA ADVISORY ID: SA42634 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42634/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42634 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42634/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42634/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42634 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mark Stanislav has discovered a vulnerability in Pointter PHP Micro-Blogging Social Network, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism in the administrative interface, which can be exploited to bypass the authentication mechanism by setting the "auser" and "apass" cookies to an arbitrary value e.g. in admin/menu.php. The vulnerability is confirmed in version 1.8. Other versions may also be affected. SOLUTION: Restrict access to the admin folder (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Mark Stanislav ORIGINAL ADVISORY: http://www.uncompiled.com/2010/12/pointter-php-micro-blogging-social-network-unauthorized-privilege-escalation-cve-2010-4333/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 11:31:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 20:31:50 +0100 Subject: [SEC] [SA42653] Opera Multiple Vulnerabilities Message-ID: <201012251931.oBPJVoGr025090@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Opera Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42653 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42653/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42653 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42653/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42653/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42653 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Opera, where some have an unknown impact and others can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data. 1) An error in the handling of some web page content may result in that content being displayed on top of dialog boxes and can be exploited to e.g. tricking a user to trust a malicious download. 2) An error when handling Wireless Application Protocol (WAP) sessions due to form fields not being cleared when a new session is started can be exploited to disclose form data to other web sites. 3) An unspecified error exists. No further information is currently available. 4) Some unspecified errors exist. No further information is currently available. The vulnerabilities are reported in versions prior to 11.00. SOLUTION: Upgrade to version 11.00. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Opera: http://www.opera.com/docs/changelogs/unix/1100/ http://www.opera.com/support/kb/view/977/ http://www.opera.com/support/kb/view/979/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 12:31:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 21:31:50 +0100 Subject: [SEC] [SA42594] Anwiki Cross-Site Scripting Vulnerabilities Message-ID: <201012252031.oBPKVoX0015569@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Anwiki Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42594 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42594/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42594 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42594/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42594/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42594 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Anwiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to e.g. the "login" parameter in index.php (if "a" is set to "login") and via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website. The vulnerabilities are reported in versions prior to 0.2.5. SOLUTION: Update to version 0.2.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Damon Haidary. ORIGINAL ADVISORY: http://www.anwiki.com/en/news/2010-12-13 http://bugs.anwiki.com/index.php?do=details&task_id=147 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 13:31:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 22:31:49 +0100 Subject: [SEC] [SA42643] Symantec Endpoint Protection Manager "fw_charts.php" Code Execution Vulnerability Message-ID: <201012252131.oBPLVnS5006040@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec Endpoint Protection Manager "fw_charts.php" Code Execution Vulnerability SECUNIA ADVISORY ID: SA42643 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42643/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42643 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42643/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42643/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42643 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Symantec Endpoint Protection Manager, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an input validation error within the fw_charts.php file of the reporting module, which can be exploited to overwrite arbitrary files on the server and e.g. execute arbitrary PHP code. According to the vendor, successful exploitation requires that the Symantec Endpoint Protection client is installed and authenticated to the target Symantec Endpoint Protection server. NOTE: Reportedly, this can also be exploited without proper authentication. SOLUTION: Upgrade to Symantec Endpoint Protection 11 RU6 MP2. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rGod via ZDI ORIGINAL ADVISORY: Symantec SYM10-013: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101215_00 ZDI-10-291: http://www.zerodayinitiative.com/advisories/ZDI-10-291/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 14:25:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 23:25:41 +0100 Subject: [SEC] [SA42622] phpMyFAQ Compromised Source Packages Backdoor Security Issue Message-ID: <201012252225.oBPMPfwH028647@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: phpMyFAQ Compromised Source Packages Backdoor Security Issue SECUNIA ADVISORY ID: SA42622 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42622/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42622 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42622/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42622/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42622 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in phpMyFAQ, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the distribution of compromised phpMyFAQ source code packages containing a backdoor, which can be exploited to e.g. execute arbitrary PHP code. The compromised versions were distributed from December 4th to December 15th in versions 2.6.11 and 2.6.12. SOLUTION: Update to version 2.6.13. Please see the vendor's advisories for additional details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.phpmyfaq.de/advisory_2010-12-15.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 14:47:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 25 Dec 2010 23:47:01 +0100 Subject: [SEC] [SA42645] GIT "gitweb" Cross-Site Scripting Vulnerabilities Message-ID: <201012252247.oBPMl1ZE017379@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GIT "gitweb" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42645 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42645/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42645 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42645/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42645/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42645 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Emanuele Gentili has reported some vulnerabilities in GIT, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "f" and "fp" parameters to the "gitweb" interface are not properly sanitised in gitweb/gitweb.perl before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 1.7.3.4. SOLUTION: Update to version 1.7.3.4. PROVIDED AND/OR DISCOVERED BY: Emanuele Gentili, Tiger Security. ORIGINAL ADVISORY: GIT: http://git.kernel.org/?p=git/git.git;a=blob;f=Documentation/RelNotes/1.7.3.4.txt http://git.kernel.org/?p=git/git.git;a=commit;h=3017ed62f47ce14a959e2d315c434d4980cf4243 Tiger Security: http://www.tigersecurity.it/nuova-vulnerabilita-di-gitweb-rilasciata-in-responsible-disclosure-dal-tiger-team-di-tiger-security-s-r-l/index.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 15:16:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 00:16:18 +0100 Subject: [SEC] [SA42663] Anwiki Cross-Site Request Forgery Vulnerability Message-ID: <201012252316.oBPNGIYh006593@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Anwiki Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42663 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42663/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42663 RELEASE DATE: 2010-12-25 DISCUSS ADVISORY: http://secunia.com/advisories/42663/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42663/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42663 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Anwiki, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's email address by tricking the administrator into visiting a malicious website. The vulnerability is confirmed in version 0.2.5. Other versions may also be affected. SOLUTION: Do not browse untrusted websites while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: Reported in an Anwiki bug by Wladimir Palant. ORIGINAL ADVISORY: http://bugs.anwiki.com/index.php?do=details&task_id=60 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 15:49:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 00:49:15 +0100 Subject: [SEC] [SA42678] IBM HTTP Server "apr_brigade_split_line()" Denial of Service Vulnerability Message-ID: <201012252349.oBPNnFwa028247@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM HTTP Server "apr_brigade_split_line()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42678 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42678/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42678 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42678/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42678/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42678 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #2 in: SA41701 SOLUTION: Apply APAR PM23263 or update to version 6.1.0.35. ORIGINAL ADVISORY: IBM (PM23263): http://www-01.ibm.com/support/docview.wss?uid=swg27008517 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 16:14:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 01:14:34 +0100 Subject: [SEC] [SA42600] Joomla! JRadio Component Local File Inclusion and SQL Injection Vulnerabilities Message-ID: <201012260014.oBQ0EYIU017168@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! JRadio Component Local File Inclusion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42600 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42600/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42600 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42600/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42600/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42600 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the JRadio component for Joomla!, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks. 1) Input passed via the "controller" parameter to index.php (when "option" is set to "com_jradio") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. 2) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.5.0. Other versions may also be affected. SOLUTION: Update to version 1.5.1. PROVIDED AND/OR DISCOVERED BY: 1) Sid3^effects aKa HaRi 2) Reported by the vendor. ORIGINAL ADVISORY: JRadio: http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 16:50:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 01:50:20 +0100 Subject: [SEC] [SA42516] ManageEngine EventLog Analyzer Multiple Vulnerabilities Message-ID: <201012260050.oBQ0oKAE006559@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ManageEngine EventLog Analyzer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42516 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ManageEngine, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. 1) Input passed e.g. via the "HOST_ID", "OS", "GROUP", "exportFile", "load", "type", "tab" parameters to INDEX.do, the "reported" parameter to INDEX2.do, the "gId" parameter to hostlist.do, the "newWindows" parameter to globalSettings.do, and the "STATUS" parameter to enableHost.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error in the syslog server in the processing of Syslog PRI message headers can be exploited to cause a buffer overflow via a specially crafted packet sent to port 513/UDP or 514/UDP. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in 6.1. Other versions may also be affected. SOLUTION: Restrict network access to the affected interfaces. Do not browse untrusted sites or follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Rob Kraus, Jose Hernandez, and Solutionary Engineering Research Team (SERT). ORIGINAL ADVISORY: http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-Eventlog-Analyzer-Syslog-Renite-DoS-vuln.html http://www.solutionary.com/index/SERT/Vuln-Disclosures/ManageEngine-XSS-vulnerabilities.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 17:15:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 02:15:28 +0100 Subject: [SEC] [SA41020] IrfanView LuraWave Format PlugIns Multiple Vulnerabilities Message-ID: <201012260115.oBQ1FSAv027870@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IrfanView LuraWave Format PlugIns Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41020 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/41020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: BraniX has discovered some vulnerabilities in the LuraWave PlugIn for IrfanView, which can be exploited by malicious people to potentially compromise a user's system. 1) An input validation error in the parsing of dimension fields in the LWF header can be exploited to cause a heap-based buffer overflow during decoding. 2) An integer overflow error when calculating the amount of required memory for decoding based on a certain byte value in the LWF header can be exploited to cause a heap-based buffer overflow. 3) An input validation error when calculating the amount of required memory for decoding based on a certain byte value in the LWF header can be exploited to cause a heap-based buffer overflow. 4) An integer overflow error when calculating the amount of required memory for decoding based on a certain word value in the LWF header can be exploited to cause a heap-based buffer overflow. The vulnerabilities are confirmed in version 4.2.2. Other versions may also be affected. SOLUTION: No updated version of the plugin will be made available. The vendor has removed the plugin in version 4.28 of the plugins distribution. PROVIDED AND/OR DISCOVERED BY: BraniX via Secunia. Additional details provided by Secunia Research. ORIGINAL ADVISORY: http://irfanview.com/main_history.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 17:47:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 02:47:00 +0100 Subject: [SEC] [SA42646] BLOG:CMS Multiple Vulnerabilities Message-ID: <201012260147.oBQ1l0ti017068@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BLOG:CMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42646 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42646/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42646 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42646/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42646/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42646 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in BLOG:CMS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "body" POST parameter to action.php (when "action" POST parameter is set to "addcomment") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g add an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerability is confirmed in version 4.2.1.f. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. ORIGINAL ADVISORY: HTB22724: http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms.html HTB22727: http://www.htbridge.ch/advisory/xsrf_csrf_in_blogcms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 18:11:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 03:11:42 +0100 Subject: [SEC] [SA42672] AttacheCase Insecure Executable Loading Vulnerability Message-ID: <201012260211.oBQ2Bg6W005955@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AttacheCase Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA42672 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42672/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42672 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42672/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42672/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42672 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in AttacheCase, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the applications loading an executable file in an insecure manner and can be exploited by tricking a user into e.g. opening certain encrypted files located on a remote WebDAV or SMB share. The vulnerability is reported in versions 2.69 and prior. SOLUTION: Update to version 2.70 or later. PROVIDED AND/OR DISCOVERED BY: JVN credits Takashi Katagiri Hiroshi. ORIGINAL ADVISORY: http://homepage2.nifty.com/hibara/software/atcs.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 18:47:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 03:47:10 +0100 Subject: [SEC] [SA35770] TYPO3 Multiple Vulnerabilities Message-ID: <201012260247.oBQ2lAgs027725@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TYPO3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA35770 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/35770/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=35770 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/35770/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/35770/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=35770 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion and SQL injection attacks, disclose sensitive information, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) Certain input passed to the click enlarge functionality is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that the caching framework is enabled. 2) Certain input passed to the FORM content object is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "editor" permissions in the backend. 3) Certain unspecified input is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. 4) Certain input passed to the Install Tool is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires Install Tool credentials. 5) Certain input passed to the TypoScript file inclusion functionality is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. Successful exploitation of this vulnerability requires admin permissions. 6) Certain input passed to the unzip library is not properly verified before being used. This can be exploited to disclose sensitive information via directory traversal attacks. 7) Certain input passed to the list module is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "access" permission to the the list module in the backend. 8) Certain input passed to the "escapeStrForLike()" function when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES is not properly sanitised before being used. This can be exploited to disclose certain records by injecting wildcards. The vulnerabilities are reported in versions prior to 4.2.16, 4.3.9, or 4.4.5. SOLUTION: Update to versions 4.2.16, 4.3.9, or 4.4.5. PROVIDED AND/OR DISCOVERED BY: 4, 7) Reported by the vendor The vendor credits: 1) Andreas Weber 2) Security Team Member Helmut Hummel 3) Gregor Kopf and Luca Carettoni 5) Fabrizio Branca 6) Anthon Pang 8) Security Team Member Marcus Krause OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 19:18:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 04:18:02 +0100 Subject: [SEC] [SA42665] Apple AirPort / Time Capsule Multiple Vulnerabilities Message-ID: <201012260318.oBQ3I2Fs017395@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple AirPort / Time Capsule Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42665 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42665/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42665 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42665/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42665/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42665 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple Airport Extreme and Time Capsule, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error when handling SNMP requests can be exploited to cause a crash. For more information: SA32560 2) An error when processing IPv6 Router Advertisement (RA) and Neighbor Discovery (ND) packets can be exploited to cause a device to restart. 3) An error when handling the FTP PORT command can be exploited to bypass IP-based restrictions and send traffic to an IP behind the NAT. Successful exploitation requires write access to a FTP server inside the NAT. 4) An error when handling fragmented ISAKMP packets can be exploited to cause a crash of the racoon daemon. For more information see vulnerability #2: SA31478 5) An error when handling DHCP packets can be exploited to cause a device to stop responding to traffic by sending a specially crafted DHCP reply packet. Successful exploitation requires a device to be configured as a bridge or in NAT mode with a default host enabled (by default no host is configured). SOLUTION: Update to firmware version 7.5.2 (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits the following people: 2) Shoichi Sakane of KAME project, Kanai Akira of Internet Multifeed Co., Shirahata Shin and Rodney Van Meter of Keio University, and Tatuya Jinmei of Internet Systems Consortium, Inc. 3) Sabahattin Gucukoglu. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4298 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 19:44:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 04:44:02 +0100 Subject: [SEC] [SA42590] Clear iSpot and Clear Clearspot Cross-Site Request Forgery Vulnerability Message-ID: <201012260344.oBQ3i2Ap004510@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Clear iSpot and Clear Clearspot Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42590 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42590/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42590 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42590/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42590/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42590 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Clear iSpot and Clear Clearspot, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. remove the root password or enable telnet by tricking a logged-in administrator into visiting a malicious web site. The vulnerabilities are reported in Clear iSpot version 2.0.0.0, firmware version 1.9.9.4 and Clear Clearspot version 2.0.0.0, firmware version 1.9.9.4. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Matthew Jakubowski, Trustwave's SpiderLabs ORIGINAL ADVISORY: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 20:09:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 05:09:06 +0100 Subject: [SEC] [SA42656] BLOG:CMS Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012260409.oBQ496Ne025831@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: BLOG:CMS Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42656 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42656/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42656 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42656/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42656/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42656 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in BLOG:CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "action" parameter to admin/index.php and via the "amount" POST parameter to admin/index.php (when "action" POST parameter is set to "browseowncomments") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.4.2.1.e. Prior versions may also be affected. SOLUTION: Update to version 1.4.2.1.f. ORIGINAL ADVISORY: BLOG:CMS: http://blogcms.com/?item=download HTB22725: http://www.htbridge.ch/advisory/xss_vulnerability_in_blogcms_1.html HTB22726: http://www.htbridge.ch/advisory/cross_site_scripting_vulnerability_in_blogcms.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 20:23:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 05:23:27 +0100 Subject: [SEC] [SA42666] Ubuntu update for eucalyptus Message-ID: <201012260423.oBQ4NRsW014238@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for eucalyptus SECUNIA ADVISORY ID: SA42666 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42666/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42666 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42666/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42666/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42666 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for eucalyptus. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42632 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1033-1: http://www.ubuntu.com/usn/usn-1033-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 20:44:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 05:44:14 +0100 Subject: [SEC] [SA42644] HP Power Manager Login Form Buffer Overflow Vulnerability Message-ID: <201012260444.oBQ4iEC4002925@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Power Manager Login Form Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42644 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42644/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42644 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42644/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42644/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42644 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Power Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing URL parameters passed to the login form of the management web server. This can be exploited to cause a stack-based buffer overflow via a specially crafted "Login" variable. Successful exploitation may allow execution of arbitrary code with SYSTEM privileges. The vulnerability is reported in versions prior to 4.3.2 running on Windows and Linux. SOLUTION: Update to version 4.3.2. PROVIDED AND/OR DISCOVERED BY: Independently reported via ZDI by: * Tenable Network Security * Andrea Micalizzi aka rgod * SilentSignal * An anonymous person ORIGINAL ADVISORY: HPSBMA02545 SSRT100139: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02239581 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-292/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 21:10:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 06:10:23 +0100 Subject: [SEC] [SA42679] Astaro update for clam and exim Message-ID: <201012260510.oBQ5ANTp024296@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Astaro update for clam and exim SECUNIA ADVISORY ID: SA42679 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42679 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42679/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42679/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42679 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Astaro has issued an update for clam and exim. This fixes some vulnerabilities, which have unknown impacts. The vulnerabilities are caused due to unspecified errors within the clam and exim packages. No additional information is currently available. SOLUTION: Apply update Up2Date 7.509. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www.astaro.com/blog/up2date/p2date-7-509-released OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 21:23:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 06:23:16 +0100 Subject: [SEC] [SA41439] IrfanView LuraDocument Format PlugIn Memory Corruption Vulnerability Message-ID: <201012260523.oBQ5NGof012649@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IrfanView LuraDocument Format PlugIn Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA41439 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41439/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41439 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/41439/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41439/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41439 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: BraniX has discovered a vulnerability in the LuraDocument Format PlugIn for IrfanView, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error within the LuraDocument Format PlugIn and can be exploited to cause a memory corruption by e.g. tricking a user into opening a specially crafted LDF file. The vulnerability is confirmed in version 4.2.2. Other versions may also be affected. SOLUTION: No updated version of the plugin will be made available. The vendor has removed the plugin in version 4.28 of the plugins distribution. PROVIDED AND/OR DISCOVERED BY: BraniX via Secunia. ORIGINAL ADVISORY: http://irfanview.com/main_history.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 21:44:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 06:44:10 +0100 Subject: [SEC] [SA42673] Altarsoft Audio Converter WAV Processing Buffer Overflow Vulnerability Message-ID: <201012260544.oBQ5iAJM001296@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Altarsoft Audio Converter WAV Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42673 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42673/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42673 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42673/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42673/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42673 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Altarsoft Audio Converter, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing WAV files. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted WAV file. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15751/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 25 22:09:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 07:09:05 +0100 Subject: [SEC] [SA42677] Joomla! Lyftenbloggie Component Cross-Site Scripting Vulnerabilities Message-ID: <201012260609.oBQ6959K022660@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Lyftenbloggie Component Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42677 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42677/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42677 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42677/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42677/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42677 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the Lyftenbloggie component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tag" and "category" parameters to index.php (when "option" is set to "com_lyftenbloggie") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Ashiyane Digital Security Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 10:29:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 19:29:57 +0100 Subject: [SEC] [SA42637] HP Discovery & Dependency Mapping Inventory Cross-Site Scripting Vulnerability Message-ID: <201012261829.oBQITvBB011375@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Discovery & Dependency Mapping Inventory Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42637 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42637/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42637 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42637/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42637/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42637 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Discovery & Dependency Mapping Inventory (DDMI), which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 2.5x, 7.5x , and 7.6x running on Windows. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02617 SSRT100338: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02655735 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 11:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 20:30:05 +0100 Subject: [SEC] [SA42722] Texas Rankem SQL Injection Vulnerabilities Message-ID: <201012261930.oBQJU5AT001797@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Texas Rankem SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42722 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42722/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42722 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42722/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42722/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42722 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Texas Rankem, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "leaderboard_month_rounds" and "leaderboard_year_rounds" parameters to rankem.asp (when "action" is set to "update_counts" and "leaderboard_sort" and "ko_points" are set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: underground-stockholm.com OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 12:30:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 21:30:08 +0100 Subject: [SEC] [SA42682] Fedora update for dhcp Message-ID: <201012262030.oBQKU8cO024715@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for dhcp SECUNIA ADVISORY ID: SA42682 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42682/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42682 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42682/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42682/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42682 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA42618 SOLUTION: Apply updated packages using the yum utility ("yum update dhcp"). ORIGINAL ADVISORY: FEDORA-2010-18856: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052329.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 13:30:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 22:30:27 +0100 Subject: [SEC] [SA42632] Eucalyptus Admin UI Password Reset Vulnerability Message-ID: <201012262130.oBQLURi9015201@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Eucalyptus Admin UI Password Reset Vulnerability SECUNIA ADVISORY ID: SA42632 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42632/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42632 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42632/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42632/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42632 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Eucalyptus, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the Admin UI, which allows password reset requests without checking for authentication. This can be exploited to change the administrative password and gain administrative access to the application. The vulnerability is reported in versions 2.0.0 and 2.0.1. SOLUTION: Update to version 2.0.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: ESA-01: http://open.eucalyptus.com/wiki/esa-01 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 14:24:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 23:24:43 +0100 Subject: [SEC] [SA42718] Joomla! Admin Tools Component Cross-Site Scripting and Request Forgery Vulnerabilities Message-ID: <201012262224.oBQMOhvM005397@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! Admin Tools Component Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA42718 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42718/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42718 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42718/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42718/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42718 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Admin Tools component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Certain unspecified input passed to the backend is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions by tricking a logged in administrative user into visiting a malicious web site. The vulnerabilities are reported in versions prior to 1.1. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jeff Channell. ORIGINAL ADVISORY: http://www.akeebabackup.com/home/item/929-security-release-admin-tools-1-1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 14:45:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 26 Dec 2010 23:45:33 +0100 Subject: [SEC] [SA42502] Fedora update for mailman Message-ID: <201012262245.oBQMjXBF026511@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for mailman SECUNIA ADVISORY ID: SA42502 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42502/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42502 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42502/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42502/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42502 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mailman. This fixes two vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA41265 SOLUTION: Apply updated packages using the yum utility ("yum update mailman"). ORIGINAL ADVISORY: FEDORA-2010-14877: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052297.html FEDORA-2010-14834: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052312.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 15:14:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 00:14:29 +0100 Subject: [SEC] [SA42676] Immo Makler "id" SQL Injection Vulnerability Message-ID: <201012262314.oBQNETpH015694@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Immo Makler "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42676 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42676/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42676 RELEASE DATE: 2010-12-26 DISCUSS ADVISORY: http://secunia.com/advisories/42676/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42676/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42676 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Immo Makler, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to news.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 15:47:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 00:47:21 +0100 Subject: [SEC] [SA42680] MH Products Easy Online Shop "kat" SQL Injection Vulnerability Message-ID: <201012262347.oBQNlLlE004916@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MH Products Easy Online Shop "kat" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42680 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42680/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42680 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42680/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42680/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42680 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MH Products Easy Online Shop, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "kat" parameter to content.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 16:13:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 01:13:05 +0100 Subject: [SEC] [SA42674] Solar FTP Server FTP Command Processing Denial of Service Vulnerability Message-ID: <201012270013.oBR0D5C0026266@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Solar FTP Server FTP Command Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42674 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42674/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42674 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42674/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42674/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42674 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: modpr0be has discovered a vulnerability in Solar FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when constructing a log message and can be exploited to cause the FTP service (sfsservice.exe) to crash by sending an unimplemented FTP command (e.g. APPE or NLST) containing an overly long parameter. The vulnerability is confirmed in version 2.0. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: modpr0be ORIGINAL ADVISORY: http://www.digital-echidna.org/2010/12/solarftp-2-0-multiple-commands-denial-of-service-vulnerability/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 16:46:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 01:46:52 +0100 Subject: [SEC] [SA42675] MH Products MHP Downloadshop "ItemID" SQL Injection Vulnerability Message-ID: <201012270046.oBR0kqE0015551@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MH Products MHP Downloadshop "ItemID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42675 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42675/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42675 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42675/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42675/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42675 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MH Products MHP Downloadshop, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "ItemID" parameter to view_item.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 17:12:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 02:12:47 +0100 Subject: [SEC] [SA42692] RTShop "id" SQL Injection Vulnerability Message-ID: <201012270112.oBR1ClmC004485@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: RTShop "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42692 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42692/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42692 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42692/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42692/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42692 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RTShop, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to productDetail.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 2.0. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: KnocKout OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 17:45:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 02:45:07 +0100 Subject: [SEC] [SA42720] Fedora update for clamav Message-ID: <201012270145.oBR1j7hj026122@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for clamav SECUNIA ADVISORY ID: SA42720 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42720/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42720 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42720/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42720/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42720 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for clamav. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42426 SOLUTION: Apply updated packages using the yum utility ("yum update clamav"). ORIGINAL ADVISORY: FEDORA-2010-18564: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052401.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 18:10:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 03:10:27 +0100 Subject: [SEC] [SA42650] IntegraXor Project ActiveX Control Buffer Overflow Vulnerability Message-ID: <201012270210.oBR2ARN8015026@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IntegraXor Project ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42650 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42650/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42650 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42650/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42650/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42650 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in IntegraXor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the "save()" method of the Project class (igcom.dll) and can be exploited to cause a stack-based buffer overflow via an overly long string passed in the "FilePath" parameter. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 3.5.3900.5. Other versions may also be affected. SOLUTION: Update to version 3.5.3900.10 or later. PROVIDED AND/OR DISCOVERED BY: Jeremy Brown ORIGINAL ADVISORY: IntegraXor: http://www.integraxor.com/blog/integraxor-3-5-scada-security-issue-20101006-0109-vulnerability-note OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 18:24:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 03:24:44 +0100 Subject: [SEC] [SA42723] Joomla! aiContactSafe Component Unspecified Cross-Site Scripting Vulnerability Message-ID: <201012270224.oBR2Oiai003425@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Joomla! aiContactSafe Component Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42723 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42723/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42723 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42723/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42723/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42723 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the aiContactSafe component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 2.0.14. SOLUTION: Update to version 2.0.14. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.algisinfo.com/forum/announcements-english/aicontactsafe-2-0-14.html http://www.algisinfo.com/joomla/aicontactsafe-change-log.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 18:45:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 03:45:12 +0100 Subject: [SEC] [SA42704] Word Splash Pro Word List Processing Buffer Overflow Vulnerability Message-ID: <201012270245.oBR2jCIZ024520@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Word Splash Pro Word List Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42704 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42704/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42704 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42704/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42704/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42704 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Word Splash Pro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing word list files and can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into importing a specially crafted WSL file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into running the "Word List Builder". The vulnerability is confirmed in version 9.5.0.0. Other versions may also be affected. SOLUTION: Do not import word list files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: h1ch4m OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 19:18:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 04:18:37 +0100 Subject: [SEC] [SA42648] Gentoo update for chromium Message-ID: <201012270318.oBR3Ib3q014294@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Gentoo update for chromium SECUNIA ADVISORY ID: SA42648 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42648/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42648 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42648/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42648/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42648 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for chromium. This fixes some vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA42605 SOLUTION: Update to version "www-client/chromium-8.0.552.224" or later. ORIGINAL ADVISORY: GLSA 201012-01: http://www.gentoo.org/security/en/glsa/glsa-201012-01.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 19:44:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 04:44:10 +0100 Subject: [SEC] [SA42708] ftpcopy "ftpls" HTML Directory Listing Script Insertion Vulnerability Message-ID: <201012270344.oBR3iAWH003182@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ftpcopy "ftpls" HTML Directory Listing Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42708 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42708/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42708 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42708/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42708/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42708 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ftpcopy, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to the "ftpls" command not properly sanitising the filenames when generating directory listings in HTML format, which can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 0.6.7. Other versions may also be affected. SOLUTION: Do not generate HTML directory listings of untrusted servers. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug by "non customers". ORIGINAL ADVISORY: Debian Bug #607494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607494 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 20:09:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 05:09:16 +0100 Subject: [SEC] [SA42712] MH Products Pay Pal Shop Digital "ItemID" SQL Injection Vulnerability Message-ID: <201012270409.oBR49G97024498@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MH Products Pay Pal Shop Digital "ItemID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42712 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42712/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42712 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42712/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42712/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42712 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MH Products Pay Pal Shop Digital, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "ItemID" parameter to view_item.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: DeadLy DeMon OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 20:23:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 05:23:09 +0100 Subject: [SEC] [SA42706] Oto Galeri Sistemi Multiple SQL Injection Vulnerabilities Message-ID: <201012270423.oBR4N9sA012895@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oto Galeri Sistemi Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42706 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42706/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42706 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42706/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42706/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42706 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oto Galeri Sistemi, which can be exploited by malicious people to conduct SQL injection attacks Input passed via the "arac" parameter to carsdetail.asp and via the "marka" parameter to twohandscars.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.0. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: DeadLy DeMon OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 20:44:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 05:44:27 +0100 Subject: [SEC] [SA42649] Linux Kernel Multiple Vulnerabilities Message-ID: <201012270444.oBR4iRjd001555@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42649 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42649/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42649 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42649/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42649/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42649 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses and vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to disclose system information, cause a DoS (Denial of Service), and potentially gain escalated privileges, and by malicious people to cause a DoS. For more information: SA41440 SA42035 SA42061 SA42094 SOLUTION: Update to version 2.4.37.11. ORIGINAL ADVISORY: http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.11 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 21:09:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 06:09:50 +0100 Subject: [SEC] [SA42364] Radius Manager New User Group Script Insertion Vulnerabilities Message-ID: <201012270509.oBR59olw022936@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Radius Manager New User Group Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA42364 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42364/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42364 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42364/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42364/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42364 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Radius Manager, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "name" and "descr" parameter to admin.php (when "cont" is set to "new_usergroup") when creating a user group is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Manager" privileges. The vulnerability is reported in version 3.8.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Ulisses Castro, Conviso IT Security and Rodrigo Rubira Branco, Check Point Vulnerability Discovery Team (VDT). ORIGINAL ADVISORY: Rodrigo Rubira Branco: http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0472.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 21:23:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 06:23:20 +0100 Subject: [SEC] [SA42698] MyBB Two Cross-Site Scripting Vulnerabilities Message-ID: <201012270523.oBR5NK9C011297@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MyBB Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42698 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42698/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42698 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42698/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42698/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42698 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in MyBB, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "url" parameter in member.php (when "action" is set to "login") and "posthash" parameter in newreply.php (when "action" is set to "do_newreply") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.6.1. SOLUTION: Update to version 1.6.1. PROVIDED AND/OR DISCOVERED BY: Aung Khant, YGN Ethical Hacker Group. ORIGINAL ADVISORY: MyBB: http://blog.mybb.com/2010/12/15/mybb-1-6-1-release-1-4-14-update/ YGN Ethical Hacker Group: http://yehg.net/lab/pr0js/advisories/%5Bmybb1.6%5D_cross_site_scripting OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 21:44:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 06:44:06 +0100 Subject: [SEC] [SA42670] Kerio Control / Kerio WinRoute Firewall HTTP Cache Poisoning Vulnerability Message-ID: <201012270544.oBR5i64o032401@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Kerio Control / Kerio WinRoute Firewall HTTP Cache Poisoning Vulnerability SECUNIA ADVISORY ID: SA42670 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42670/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42670 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42670/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42670/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42670 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Kerio has acknowledged a vulnerability in Kerio Control and Kerio WinRoute Firewall, which can be exploited by malicious people to poison the HTTP cache. The vulnerability is caused due to an unspecified error when processing HTTP data sent to a "non-HTTP" TCP connection. This can be exploited via a malicious website to e.g. store arbitrary data in the HTTP cache, which will then be served instead of legitimate content. Successful exploitation requires that the HTTP cache is enabled (disabled by default). The vulnerability is reported in all versions prior to Kerio Control version 7.1.0 Patch 1. SOLUTION: Update to Kerio Control version 7.1.0 Patch 1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.kerio.com/support/security-advisories#1012 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Dec 26 22:09:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 07:09:00 +0100 Subject: [SEC] [SA42655] CubeCart FCKeditor Arbitrary File Upload Vulnerability Message-ID: <201012270609.oBR690JY021283@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CubeCart FCKeditor Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA42655 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42655/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42655 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42655/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42655/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42655 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CubeCart, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to FCKeditor component not properly validating uploaded files. This can be exploited to upload malicious PHP scripts with the e.g. .pht or .phtml extension to the web server. Successful exploitation requires access to the administrative interface. The vulnerability is confirmed in version 3.0.20. Other versions may also be affected. SOLUTION: Grant only trusted users access to the administrative interface. PROVIDED AND/OR DISCOVERED BY: StunTMaN! OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 10:29:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 19:29:28 +0100 Subject: [SEC] [SA42702] Square CMS "id" SQL Injection Vulnerability Message-ID: <201012271829.oBRITSaf010028@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Square CMS "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42702 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42702/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42702 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42702/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42702/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42702 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Square CMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to post.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 0.3.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: cOndemned OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 11:29:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 20:29:19 +0100 Subject: [SEC] [SA42757] Fedora update for perl-IO-Socket-SSL Message-ID: <201012271929.oBRJTJGU000409@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for perl-IO-Socket-SSL SECUNIA ADVISORY ID: SA42757 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42757/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42757 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42757/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42757/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42757 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl-IO-Socket-SSL. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA42508 SOLUTION: Apply updated packages via the yum utility ("yum update perl-IO-Socket-SSL"). ORIGINAL ADVISORY: FEDORA-2010-19054: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052594.html FEDORA-2010-19058: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052601.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 12:29:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 21:29:36 +0100 Subject: [SEC] [SA42726] PECL phar Extension Format String Vulnerabilities Message-ID: <201012272029.oBRKTaBB023342@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PECL phar Extension Format String Vulnerabilities SECUNIA ADVISORY ID: SA42726 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42726/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42726 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42726/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42726/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42726 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the PECL phar extension, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The "php_stream_wrapper_log_error()" function is improperly called with controlled format string arguments while parsing PHP archives (phar). This can be exploited to disclose or potentially corrupt memory when e.g. an invalid filename containing format string specifiers is requested from a phar file. This is related to vulnerability #2 in: SA39573 SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Originally reported in PHP by Stefan Esser. Reported in the PECL phar extension by Eygene Ryabinkin. ORIGINAL ADVISORY: Eygene Ryabinkin: http://www.openwall.com/lists/oss-security/2010/12/26/1 PECL phar SVN commit: http://svn.php.net/viewvc?view=revision&revision=306667 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 13:29:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 22:29:08 +0100 Subject: [SEC] [SA42747] Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability Message-ID: <201012272129.oBRLT8QV013793@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Fax Cover Page Editor Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42747 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42747/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42747 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42747/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42747/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42747 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input validation error in the Windows Fax Cover Page Editor component (fxscover.exe) when the "CDrawPoly::Serialize()" function reads in data from a Fax Cover Page file (".cov"). This can be exploited to cause a heap-based buffer overflow via a Fax Cover Page file containing specially crafted content. Successful exploitation allows execution of arbitrary code, but requires that "Fax Services" / "Windows Fax and Scan" is installed. The vulnerability is confirmed in fully patched versions of Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional. Other versions may also be affected. SOLUTION: Do not open untrusted Fax Cover Page files. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi (rgod) ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_cov_bof.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 14:23:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 23:23:17 +0100 Subject: [SEC] [SA42738] OpenEMR Script Insertion and SQL Injection Vulnerabilities Message-ID: <201012272223.oBRMNHHb003978@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenEMR Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42738 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42738/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42738 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42738/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42738/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42738 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in OpenEMR, which can be exploited by malicious users to conduct script insertion and SQL injection attacks. 1) Input passed via the "note" and "manufacturer" parameters to interface/patient_file/summary/immunizations.php when adding an immunization note and "note" parameter to interface/patient_file/summary/pnotes_full.php when adding a new note is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "issue" parameter to interface/patient_file/summary/add_edit_issue.php, "pc_facility" parameter to interface/main/calendar/index.php, "set_pid" parameter to interface/patient_file/summary/demographics.php, "administered_by_id" parameter to interface/patient_file/summary/immunizations.php, "noteid" and "offset" parameters to interface/patient_file/summary/pnotes_full.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages. The vulnerabilities are confirmed in version 3.2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: wasto OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 14:44:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 27 Dec 2010 23:44:01 +0100 Subject: [SEC] [SA42727] IBM Tivoli Access Manager for e-business Directory Traversal Vulnerability Message-ID: <201012272244.oBRMi1no025085@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Access Manager for e-business Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42727 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42727/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42727 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42727/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42727/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42727 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to disclose system information. Input passed via the URL is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks using certain character encodings. The vulnerability is reported in version 6.1.1 running on AIX. SOLUTION: Apply patch 6.1.1-TIV-AWS-FP0001. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg24028829 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 15:12:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 00:12:24 +0100 Subject: [SEC] [SA42736] web@all Cross-Site Request Forgery Vulnerability Message-ID: <201012272312.oBRNCOr3014132@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: web at all Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42736 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42736/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42736 RELEASE DATE: 2010-12-27 DISCUSS ADVISORY: http://secunia.com/advisories/42736/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42736/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42736 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in web at all, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Giuseppe D'Inverno OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 15:46:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 00:46:12 +0100 Subject: [SEC] [SA42742] IBM WebSphere Service Registry and Repository EJB Authentication Bypass Message-ID: <201012272346.oBRNkCWC003492@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Service Registry and Repository EJB Authentication Bypass SECUNIA ADVISORY ID: SA42742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42742 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Service Registry and Repository, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an EJB interface not properly validating access controls. This can be exploited to bypass the authentication mechanism and perform governance actions via certain API calls to the interface. The vulnerability is reported in version 7.0. SOLUTION: Update to version 7.0.0 Fix Pack 1 (7.0.0.1) or apply APAR IZ72563. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IZ72563): http://www-01.ibm.com/support/docview.wss?uid=swg24026132 http://xforce.iss.net/xforce/xfdb/63640 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 16:11:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 01:11:48 +0100 Subject: [SEC] [SA42668] ENOVIA "emxFramework.FilterParameterPattern" Cross-Site Scripting Vulnerability Message-ID: <201012280011.oBS0Bm1s024829@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ENOVIA "emxFramework.FilterParameterPattern" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42668 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42668/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42668 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42668/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42668/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42668 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ENOVIA, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to the "emxFramework.FilterParameterPattern" property is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply APAR HE02563. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg1HE02563 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 16:45:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 01:45:47 +0100 Subject: [SEC] [SA42760] Fedora update for dbus Message-ID: <201012280045.oBS0jl9O014132@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for dbus SECUNIA ADVISORY ID: SA42760 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42760/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42760 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42760/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42760/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42760 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA42580 SOLUTION: Apply updated packages via the yum utility ("yum update dbus"). ORIGINAL ADVISORY: FEDORA-2010-19166: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052550.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 17:13:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 02:13:00 +0100 Subject: [SEC] [SA42732] Pidgin MSN Direct Connection Denial of Service Weakness Message-ID: <201012280113.oBS1D0Md003099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pidgin MSN Direct Connection Denial of Service Weakness SECUNIA ADVISORY ID: SA42732 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42732/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42732 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42732/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42732/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42732 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to an error when handling certain MSN direct connection (P2Pv2) packets. This can be exploited to cause a NULL pointer dereference error and crash the process via specially crafted packets. SOLUTION: Update to version 2.7.9. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Stu Tomlinson ORIGINAL ADVISORY: http://www.pidgin.im/news/security//?id=49 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 17:44:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 02:44:08 +0100 Subject: [SEC] [SA42721] Libxml2 XPath Double Free Vulnerability Message-ID: <201012280144.oBS1i8gb024680@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Libxml2 XPath Double Free Vulnerability SECUNIA ADVISORY ID: SA42721 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42721/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42721 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42721/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42721/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42721 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information see vulnerability #11: SA42472 The vulnerability is reported in version 2.7.8. Other versions may also be affected. SOLUTION: Do not process untrusted XML content using the library. PROVIDED AND/OR DISCOVERED BY: Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. ORIGINAL ADVISORY: http://code.google.com/p/chromium/issues/detail?id=63444 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 18:08:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 03:08:59 +0100 Subject: [SEC] [SA42728] CubeCart Cross-Site Request Forgery Vulnerability Message-ID: <201012280208.oBS28xpk013559@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CubeCart Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42728 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42728/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42728 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42728/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42728/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42728 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CubeCart, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. add new administrative users by tricking a logged-in administrator into visiting a malicious web site. The vulnerability is reported in version 3.0.4 and confirmed in version 4.4.3. Other versions may also be affected. SOLUTION: Do not browse untrusted websites while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: P0C T34M ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15822/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 18:23:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 03:23:18 +0100 Subject: [SEC] [SA42740] Pligg Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012280223.oBS2NIWZ001903@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pligg Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42740 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42740/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42740 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42740/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42740/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42740 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Pligg, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "reg_username", "reg_email", "reg_password", and "reg_password2" parameters to register.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 2) Certain input passed to search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. The vulnerabilities are reported in versions prior to 1.1.3. SOLUTION: Update to version 1.1.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Sitewat.ch. ORIGINAL ADVISORY: http://www.pligg.com/blog/1209/pligg-cms-1-1-3-release/ http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2214 http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2212 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 18:44:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 03:44:29 +0100 Subject: [SEC] [SA42761] Fedora update for eclipse Message-ID: <201012280244.oBS2iT6U023075@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for eclipse SECUNIA ADVISORY ID: SA42761 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42761/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42761 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42761/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42761/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42761 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for eclipse. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA42236 SOLUTION: Apply updated packages via the yum utility ("yum update eclipse"). ORIGINAL ADVISORY: FEDORA-2010-18990: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052532.html FEDORA-2010-19006: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052554.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 19:19:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 04:19:10 +0100 Subject: [SEC] [SA42703] IBM Lotus Mobile Connect Multiple Vulnerabilities Message-ID: <201012280319.oBS3JAjT012893@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Lotus Mobile Connect Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42703 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42703/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42703 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42703/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42703/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42703 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and two vulnerabilities have been reported in IBM Lotus Mobile Connect, which can be exploited by malicious people with physical access to bypass certain security restrictions and malicious people to cause a DoS (Denial of Service) 1) The weakness is caused due to the Connection Manager not properly deleting the LTPA token for a session after the user logs off via the "Logoff" button, which can be exploited to bypass the authentication. Successful exploitation requires that the attacker has e.g. access to an unattended client. 2) The Connection Manager does not properly handle failed connection attempts to the HTTP-TCP based Mobile Network Connections (MNC), which can be exploited to e.g. cause an out-of-memory condition, resulting in a crash. 3) An error exists within the reference counter of the Connection Manager when handling repeated logons with the same VPN ID, which can be exploited to desynchronise the reference counter of active sessions, leading to an exhaustion of e.g. all available dynamic IP addresses. SOLUTION: Contact the IBM Lotus Mobile Connect Support Center to receive temporary fixes. Reportedly, versions after 6.1.4 will contain the fixes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IZ74393, IZ74588, IZ75012): http://www-01.ibm.com/support/docview.wss?uid=swg27020327 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 19:44:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 04:44:23 +0100 Subject: [SEC] [SA42762] Debian update for libxml2 Message-ID: <201012280344.oBS3iNpx001734@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for libxml2 SECUNIA ADVISORY ID: SA42762 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42762/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42762 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42762/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42762/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42762 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA42721 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2137-1: http://lists.debian.org/debian-security-announce/2010/msg00188.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 20:09:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 05:09:21 +0100 Subject: [SEC] [SA42711] MH Products Projekt Shop "ts" SQL Injection Vulnerability Message-ID: <201012280409.oBS49LrL023083@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MH Products Projekt Shop "ts" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42711 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42711/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42711 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42711/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42711/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42711 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MH Products Projekt Shop, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "ts" parameter to details.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: DeadLy DeMon OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 20:23:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 05:23:01 +0100 Subject: [SEC] [SA42536] Tor Unspecified Buffer Overflow Vulnerability Message-ID: <201012280423.oBS4N18n011463@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Tor Unspecified Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42536 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42536/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42536 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42536/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42536/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42536 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Tor, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error, which can be exploited to cause a heap-based buffer overflow. The vulnerability is reported in versions prior to 0.2.1.28. SOLUTION: Update to version 0.2.1.28. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Willem Pinckaers. ORIGINAL ADVISORY: https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog http://archives.seul.org/or/announce/Dec-2010/msg00000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 20:44:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 05:44:09 +0100 Subject: [SEC] [SA42669] MP3 CD Converter Playlist Processing Buffer Overflow Vulnerability Message-ID: <201012280444.oBS4i93R032569@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MP3 CD Converter Playlist Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42669 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42669/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42669 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42669/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42669/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42669 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MP3 CD Converter, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing playlist files and can be exploited to cause a stack-based buffer overflow e.g. by tricking a user into opening a specially crafted PLS file. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.03. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 21:09:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 06:09:55 +0100 Subject: [SEC] [SA42683] AjaXplorer Cross-Site Scripting and Request Forgery Vulnerabilities Message-ID: <201012280509.oBS59ttl021496@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AjaXplorer Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA42683 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42683/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42683 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42683/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42683/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42683 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in AjaXplorer, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions by tricking a logged in administrative user into visiting a malicious web site. The vulnerabilities are reported in versions prior to 3.2. SOLUTION: Update to version 3.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Von Dach, DreamLab Technologies. ORIGINAL ADVISORY: http://www.ajaxplorer.info/wordpress/releases/ajaxplorer-3-2/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 21:23:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 06:23:09 +0100 Subject: [SEC] [SA42714] MH Products Download Center "Name" SQL Injection Vulnerability Message-ID: <201012280523.oBS5N9Wb009847@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MH Products Download Center "Name" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42714 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42714/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42714 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42714/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42714/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42714 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MH Products Download Center, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "Name" POST parameter to admin/login.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 2.2. Other versions may also be affected. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: DeadLy DeMon OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 27 21:44:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 06:44:17 +0100 Subject: [SEC] [SA42710] Mafya Oyun Scrpti "id" SQL Injection Vulnerability Message-ID: <201012280544.oBS5iHrH030956@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mafya Oyun Scrpti "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42710 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42710/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42710 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42710/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42710/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42710 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mafya Oyun Scrpti, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "id" parameter to profil.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: DeadLy DeMon OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 28 10:29:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 19:29:18 +0100 Subject: [SEC] [SA42751] Coppermine Photo Gallery Cross-Site Scripting Vulnerabilities Message-ID: <201012281829.oBSITITF020773@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Coppermine Photo Gallery Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42751 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42751/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42751 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42751/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42751/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42751 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Janek Vind has discovered some vulnerabilities in Coppermine Photo Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "h" and "t" parameters in help.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain input passed to searchnew.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.5.10. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Janek Vind ORIGINAL ADVISORY: waraxe-2010-SA#079: http://www.waraxe.us/advisory-79.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 28 11:29:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 20:29:02 +0100 Subject: [SEC] [SA42756] Ideh Pardaz Easy Portal "id" SQL Injection Vulnerability Message-ID: <201012281929.oBSJT2ps011227@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ideh Pardaz Easy Portal "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42756 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42756/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42756 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42756/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42756/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42756 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ideh Pardaz Easy Portal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to Modules/Administrative/ShowPhotos/ShowImages.aspx (when "FieldName" is set to "Content_Image1") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Securitylab.ir OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 28 12:29:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 21:29:00 +0100 Subject: [SEC] [SA42750] httpdASM Directory Traversal Vulnerability Message-ID: <201012282029.oBSKT0HX001618@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: httpdASM Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42750 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42750/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42750 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42750/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42750/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42750 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in httpdASM, which can be exploited by malicious people to disclose system information. Input passed via the URL is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 0.9.2. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/httpdASM.0.92.Directory.Traversal/73 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 28 13:29:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 28 Dec 2010 22:29:10 +0100 Subject: [SEC] [SA42754] SocialEngine Music Sharing Plugin Arbitrary File Upload Vulnerability Message-ID: <201012282129.oBSLTAZ3024537@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SocialEngine Music Sharing Plugin Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA42754 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42754/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42754 RELEASE DATE: 2010-12-28 DISCUSS ADVISORY: http://secunia.com/advisories/42754/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42754/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42754 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SocialEngine Music Sharing Plugin, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application not properly validating uploaded files when uploading music files. This can be exploited to upload malicious PHP scripts to the web server. Successful exploitation requires access to the SocialEngine Music Sharing Plugin. The vulnerability is confirmed in version 4.0.4. Prior versions may also be affected. SOLUTION: Update to SocialEngine Music Sharing Plugin version 4.0.5p2. PROVIDED AND/OR DISCOVERED BY: MyDoom ORIGINAL ADVISORY: SocialEngine: http://www.socialengine.net/blog/article?id=119&article=Happy-New-Year OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 29 10:29:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 29 Dec 2010 19:29:30 +0100 Subject: [SEC] [SA42766] KaiBB Script Insertion and SQL Injection Vulnerabilities Message-ID: <201012291829.oBTITUFq004911@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: KaiBB Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42766 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42766/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42766 RELEASE DATE: 2010-12-29 DISCUSS ADVISORY: http://secunia.com/advisories/42766/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42766/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42766 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in KaiBB, which can be exploited by malicious users to conduct script insertion attacks and SQL injection attacks and by malicious people to conduct SQL injection attacks.. 1) Input passed via the "[url]" BBcode tag when posting a new topic is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "user" parameter to index.php and the "term" parameter to index.php (when "s" is set to "search") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22747, HTB22748, HTB22749) http://www.htbridge.ch/advisory/bbcode_xss_in_kaibb.html http://www.htbridge.ch/advisory/sql_injection_in_kaibb.html http://www.htbridge.ch/advisory/sql_injection_in_kaibb_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 29 11:29:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 29 Dec 2010 20:29:44 +0100 Subject: [SEC] [SA42748] LiveZilla "livezilla" Cross-Site Scripting Vulnerability Message-ID: <201012291929.oBTJTi8k027809@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: LiveZilla "livezilla" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42748 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42748/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42748 RELEASE DATE: 2010-12-29 DISCUSS ADVISORY: http://secunia.com/advisories/42748/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42748/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42748 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in LiveZilla, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "livezilla" parameter to server.php (when "request" is set to "track") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 3.2.0.2. Prior versions may also be affected. SOLUTION: The vendor has released an updated version 3.2.0.2 on November 17, 2010, which fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: Ulisses Castro, Conviso IT Security. ORIGINAL ADVISORY: Conviso IT Security: http://www.conviso.com.br/livezilla-cross-site-scripting-vulnerability-cve-2010-4276/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 29 12:29:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 29 Dec 2010 21:29:41 +0100 Subject: [SEC] [SA42752] Techphoebe QuickShare File Server Directory Traversal Vulnerability Message-ID: <201012292029.oBTKTfkB018265@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Techphoebe QuickShare File Server Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42752 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42752/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42752 RELEASE DATE: 2010-12-29 DISCUSS ADVISORY: http://secunia.com/advisories/42752/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42752/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42752 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in Techphoebe QuickShare File Server, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system. The vulnerability is caused due to the HTTP server not properly filtering directory traversal sequences, which can be exploited to e.g. read or write arbitrary files outside the server's root directory by sending specially crafted requests to the server. Successful exploitation to write to files outside of the server's root directory requires write privileges. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/QuickShare.File.Server.1.2.Directory.Traversal.Arbitrary.Upload/75 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 29 13:29:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 29 Dec 2010 22:29:42 +0100 Subject: [SEC] [SA42749] Chilkat FTP-2 ActiveX Component Insecure Methods Message-ID: <201012292129.oBTLTgcE008740@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Chilkat FTP-2 ActiveX Component Insecure Methods SECUNIA ADVISORY ID: SA42749 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42749/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42749 RELEASE DATE: 2010-12-29 DISCUSS ADVISORY: http://secunia.com/advisories/42749/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42749/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42749 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has discovered some vulnerabilities in the Chilkat FTP-2 ActiveX component, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. The vulnerabilities are caused due to the "ChilkatFtp2.ChilkatFtp2" ActiveX control (ChilkatFtp2.dll) including e.g. the insecure "GetFile()" or "PutFile()" methods. This can be exploited to disclose sensitive information or place malicious files on a victim's computer by tricking a user into visiting a specially crafted website. Note: There may be further insecure methods allowing for similar attacks. The vulnerabilities are confirmed in version 2.6.10.1. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: rgod ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_chilkat.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 10:30:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 30 Dec 2010 19:30:07 +0100 Subject: [SEC] [SA42785] Academic Web Tools "a_code" Cross-Site Scripting Vulnerability Message-ID: <201012301830.oBUIU7YO015765@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Academic Web Tools "a_code" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA42785 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42785/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42785 RELEASE DATE: 2010-12-30 DISCUSS ADVISORY: http://secunia.com/advisories/42785/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42785/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42785 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Academic Web Tools, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "a_code" parameter in browse.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 1.8.7.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: N. Fathi and M. R. Faghani of Isfahan University of Technology Computer Emergency Response Team ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-12/0259.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 11:31:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 30 Dec 2010 20:31:03 +0100 Subject: [SEC] [SA42781] PHP-addressbook "group_name" SQL Injection Vulnerability Message-ID: <201012301931.oBUJV3t5006282@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: PHP-addressbook "group_name" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA42781 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42781/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42781 RELEASE DATE: 2010-12-30 DISCUSS ADVISORY: http://secunia.com/advisories/42781/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42781/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42781 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PHP-addressbook, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "group_name" parameter to group.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 6.2.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: hiphop ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15848/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 12:30:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 30 Dec 2010 21:30:25 +0100 Subject: [SEC] [SA42628] Streber Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201012302030.oBUKUPll029118@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Streber Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA42628 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42628/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42628 RELEASE DATE: 2010-12-30 DISCUSS ADVISORY: http://secunia.com/advisories/42628/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42628/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42628 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Streber, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "from" parameter, via the "person" parameter (when "go" is set to e.g. "companyNew"), and via the "style" parameter (when "go" is set to "changeBlockStyle", "block_id" is set to a non-NULL value, and "page_id" is set to "projList") to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 0.0912. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Russ McRee OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 13:30:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 30 Dec 2010 22:30:19 +0100 Subject: [SEC] [SA42755] WordPress KSES Library Script Insertion Vulnerability Message-ID: <201012302130.oBULUJ1I019580@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: WordPress KSES Library Script Insertion Vulnerability SECUNIA ADVISORY ID: SA42755 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42755/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42755 RELEASE DATE: 2010-12-30 DISCUSS ADVISORY: http://secunia.com/advisories/42755/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42755/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42755 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised in the KSES library before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 3.0.4. SOLUTION: Update to version 3.0.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mauro Gentile and Jon Cave (duck_). ORIGINAL ADVISORY: WordPress: http://wordpress.org/news/2010/12/3-0-4-update/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 14:23:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 30 Dec 2010 23:23:43 +0100 Subject: [SEC] [SA42774] TorrentTrader Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201012302223.oBUMNhxe009743@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TorrentTrader Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA42774 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42774/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42774 RELEASE DATE: 2010-12-30 DISCUSS ADVISORY: http://secunia.com/advisories/42774/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42774/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42774 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in TorrentTrader, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "name" parameter to blocks-edit.php (when "preview" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. 2) Input passed via the "text" and "form" parameters to backend/smilies.php (when "action" is set to "display") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "parent_check" parameter to torrents.php and torrents-search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "register_globals" is enabled. 4) Input passed via the "parent_cat" parameter to torrents-search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 2.06. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: EsS4ndre ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15857/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 14:45:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 30 Dec 2010 23:45:03 +0100 Subject: [SEC] [SA42737] DD-WRT "Info.live.htm" Information Disclosure Security Issue Message-ID: <201012302245.oBUMj3nZ030866@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DD-WRT "Info.live.htm" Information Disclosure Security Issue SECUNIA ADVISORY ID: SA42737 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42737/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42737 RELEASE DATE: 2010-12-30 DISCUSS ADVISORY: http://secunia.com/advisories/42737/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42737/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42737 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Craig Heffner has reported a security issue in DD-WRT, which can be exploited by malicious people to disclose system information. The security issue is caused due to the web based administrative interface not properly restricting access to the "Info.live.htm" page. This can be exploited to disclose e.g. internal client's IP addresses and hostnames, router's internal IP address as well as the MAC address. Successful exploitation requires that remote administration is enabled. The security issue is reported in version v24 preSP2 build 14311 and 14896 . Other versions may also be affected. SOLUTION: Disable remote administration or restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Craig Heffner ORIGINAL ADVISORY: http://www.devttys0.com/2010/12/dd-wrt-i-know-where-you-live/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 15:19:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 31 Dec 2010 00:19:32 +0100 Subject: [SEC] [SA42763] CA ARCserve D2D Axis2 Default Account Security Issue Message-ID: <201012302319.oBUNJWbY020290@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CA ARCserve D2D Axis2 Default Account Security Issue SECUNIA ADVISORY ID: SA42763 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42763/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42763 RELEASE DATE: 2010-12-30 DISCUSS ADVISORY: http://secunia.com/advisories/42763/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42763/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42763 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has discovered a security issue in CA ARCserve D2D, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. The security issue is caused due to the application deploying Axis2 with default credentials. This can be exploited to gain access to an affected system and execute arbitrary code by uploading a web service. The security issue is confirmed in version r15 Build 575. Other versions may also be affected. SOLUTION: Change the Axis2 credentials in "[install path]\ARCserve D2D\TOMCAT\webapps\WebServiceImpl\WEB-INF\conf\axis2.xml". PROVIDED AND/OR DISCOVERED BY: rgod ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ca_d2d.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 15:47:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 31 Dec 2010 00:47:20 +0100 Subject: [SEC] [SA42784] Fedora update for Ajaxterm Message-ID: <201012302347.oBUNlKPM009310@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for Ajaxterm SECUNIA ADVISORY ID: SA42784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42784 RELEASE DATE: 2010-12-31 DISCUSS ADVISORY: http://secunia.com/advisories/42784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for Ajaxterm. This fixes a security issue, which can be exploited by malicious people to conduct hijacking attacks. For more information: SA38560 SOLUTION: Apply updated packages via the yum utility ("yum update Ajaxterm"). ORIGINAL ADVISORY: FEDORA-2010-18867: https://admin.fedoraproject.org/updates/Ajaxterm-0.10-13.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 16:13:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 31 Dec 2010 01:13:01 +0100 Subject: [SEC] [SA42783] Fedora update for tor Message-ID: <201012310013.oBV0D1Ul030636@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for tor SECUNIA ADVISORY ID: SA42783 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42783/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42783 RELEASE DATE: 2010-12-31 DISCUSS ADVISORY: http://secunia.com/advisories/42783/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42783/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42783 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for tor. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA42536 SOLUTION: Apply updated packages using the yum utility ("yum update tor"). ORIGINAL ADVISORY: FEDORA-2010-19159: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052657.html FEDORA-2010-19147: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052690.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 30 16:47:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 31 Dec 2010 01:47:39 +0100 Subject: [SEC] [SA42753] Debian update for wordpress Message-ID: <201012310047.oBV0ldbY019968@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for wordpress SECUNIA ADVISORY ID: SA42753 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42753/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42753 RELEASE DATE: 2010-12-31 DISCUSS ADVISORY: http://secunia.com/advisories/42753/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42753/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42753 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for wordpress. This fixes a vulnerability, which can be exploited by malicious users to conduct SQL injection attacks. For more information: SA42431 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2138-1 : http://lists.debian.org/debian-security-announce/2010/msg00189.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 31 10:29:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 31 Dec 2010 19:29:42 +0100 Subject: [SEC] [SA42765] Linux Kernel "load_mixer_volumes()" Vulnerabilities Message-ID: <201012311829.oBVITgZh023690@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Linux Kernel "load_mixer_volumes()" Vulnerabilities SECUNIA ADVISORY ID: SA42765 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42765/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42765 RELEASE DATE: 2010-12-31 DISCUSS ADVISORY: http://secunia.com/advisories/42765/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42765/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42765 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dan Rosenberg has reported two vulnerabilities in the Linux Kernel, which can be exploited by malicious, local users to disclose certain system information and potentially gain escalated privileges. 1) A boundary error within the "load_mixer_volumes()" function in sound/oss/soundcard.c can be exploited to cause a buffer overflow and e.g. potentially execute arbitrary code in kernel mode by sending a specially crafted SOUND_MIXER_SETLEVELS IOCTL. 2) An error within the "load_mixer_volumes()" function in sound/oss/soundcard.c can be exploited to disclose certain kernel memory by sending a specially crafted SOUND_MIXER_SETLEVELS IOCTL. Successful exploitation requires that OSS is used and the attacker has write access to a vulnerable audio device (e.g. is member of the "audio" group). SOLUTION: Fixed in Takashi Iwai's "Sound development tree" GIT repository. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: Dan Rosenberg: http://www.openwall.com/lists/oss-security/2010/12/31/1 GIT commit: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=d81a12bc29ae4038770e05dce4ab7f26fd5880fb OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------