From sec-adv at secunia.com Thu Jul 1 10:27:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Jul 2010 19:27:06 +0200 Subject: [SEC] [SA40429] SUSE update for java-1_6_0-ibm Message-ID: <201007011727.o61HR6qW009549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for java-1_6_0-ibm SECUNIA ADVISORY ID: SA40429 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40429/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40429 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40429/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40429/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40429 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_6_0-ibm. This fixes multiple vulnerabilities, where some have an unknown impact and others can potentially be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA39477 SA40057 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2010:026: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 11:27:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Jul 2010 20:27:07 +0200 Subject: [SEC] [SA40355] TortoiseSVN Spoofing Vulnerability Message-ID: <201007011827.o61IR7YD032050@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: TortoiseSVN Spoofing Vulnerability SECUNIA ADVISORY ID: SA40355 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40355/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40355 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40355/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40355/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40355 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in TortoiseSVN, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the use of a vulnerable version of the neon library. For more information: SA36371 Note: This also fixes a Denial of Service when processing certain XML entities. SOLUTION: Update to version 1.6.5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tortoisesvn.net/node/378 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 12:27:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Jul 2010 21:27:15 +0200 Subject: [SEC] [SA40405] SUSE update for samba Message-ID: <201007011927.o61JRFtA022163@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for samba SECUNIA ADVISORY ID: SA40405 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40405/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40405 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40405/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40405/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40405 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for samba. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges and a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA38286 SA40145 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:025: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 13:27:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Jul 2010 22:27:08 +0200 Subject: [SEC] [SA40373] Flash Slideshow Maker Project Files Buffer Overflow Vulnerabilities Message-ID: <201007012027.o61KR8j1012281@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Flash Slideshow Maker Project Files Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40373 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40373/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40373 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40373/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40373/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40373 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Flash Slideshow Maker, which potentially can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors when processing Flash Slideshow Maker Project files (*.fss). These can be exploited to cause heap-based buffer overflows by tricking a user into opening a specially crafted file containing e.g. an overly long "Photo_Data" element or overly long "Title", "Description", or "Url" attribute of the "Photo_Data" element. The vulnerabilities are confirmed in version 5.0. Other versions may also be affected. SOLUTION: Do not open untrusted Flash Slideshow Maker Project files. PROVIDED AND/OR DISCOVERED BY: Bui Quang Minh, BKIS. Additional information provided by Secunia Research. ORIGINAL ADVISORY: http://security.bkis.com/vulnerability-in-flash-slideshow-maker/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 14:20:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Jul 2010 23:20:53 +0200 Subject: [SEC] [SA40375] Opera Two Security Issues Message-ID: <201007012120.o61LKrpE002052@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Opera Two Security Issues SECUNIA ADVISORY ID: SA40375 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40375/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40375 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40375/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40375/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40375 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues have been reported in Opera, which can be exploited by malicious people to disclose potentially sensitive information or compromise a user's system. 1) A design error in the "Download" dialog can be exploited cause a file to be downloaded and executed if a user is tricked into double-clicking a link on a specially crafted page. 2) An error in the handling of file upload forms can be exploited to cause a user to unintentionally upload an arbitrary file from the local file system if the user is tricked into pasting clipboard content into a form on a specially crafted web site. Successful exploitation requires that the clipboard contains a string that specifies a path to a local file, e.g. set by a plug-in. The security issues are reported in versions prior to 10.60. SOLUTION: Update to version 10.60. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) The vendor credits Andrew Valums. ORIGINAL ADVISORY: Opera: http://www.opera.com/docs/changelogs/windows/1060/ http://www.opera.com/support/kb/view/957/ http://www.opera.com/support/kb/view/958/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 14:44:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Jul 2010 23:44:07 +0200 Subject: [SEC] [SA40370] Cerberus FTP Server "MLSD" and "MLST" Commands Hidden Files Security Bypass Message-ID: <201007012144.o61Li7pJ022949@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Cerberus FTP Server "MLSD" and "MLST" Commands Hidden Files Security Bypass SECUNIA ADVISORY ID: SA40370 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40370/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40370 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40370/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40370/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40370 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cerberus FTP Server, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to the "MLSD" and "MLST" commands listing hidden files, although the "Display hidden files" option is disabled. This can be exploited to gain knowledge of hidden files. The security issue is reported in version 4.0.2.2. Prior versions may also be affected. SOLUTION: Update to version 4.0.3.0. PROVIDED AND/OR DISCOVERED BY: Reported in a forum post by Tuxman. ORIGINAL ADVISORY: http://www.cerberusftp.com/releasenotes.html http://www.cerberusftp.com/phpBB3/viewtopic.php?f=4&t=644 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 15:09:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 00:09:13 +0200 Subject: [SEC] [SA40383] Red Hat update for acroread Message-ID: <201007012209.o61M9DMg011585@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA40383 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40383/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40383 RELEASE DATE: 2010-07-01 DISCUSS ADVISORY: http://secunia.com/advisories/40383/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40383/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40383 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA40034 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0503-1: https://rhn.redhat.com/errata/RHSA-2010-0503.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 15:22:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 00:22:27 +0200 Subject: [SEC] [SA40392] webERP Cross-Site Request Forgery Vulnerability Message-ID: <201007012222.o61MMRsD031998@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: webERP Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40392 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40392/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40392 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40392/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40392/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40392 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Canberk BOLAT has discovered a vulnerability in webERP, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's password or add a new administrative user by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is confirmed in version 3.11.4. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Canberk BOLAT, ADEO Security Labs ORIGINAL ADVISORY: ADEO Security Labs: http://security.adeo.com.tr/Makale/15-weberp-v3-11-4-multiple-vulnerabilities.adeo OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 15:43:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 00:43:27 +0200 Subject: [SEC] [SA40335] python-cjson Unicode Character Encoding Buffer Overflow Vulnerability Message-ID: <201007012243.o61MhR5f020336@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: python-cjson Unicode Character Encoding Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40335 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40335/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40335 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40335/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40335/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40335 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in python-cjson, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the module. The vulnerability is caused due to a boundary error when encoding certain wide unicode character sequences. This can be exploited to cause a buffer overflow by e.g. tricking an application into encoding specially crafted wide unicode strings. The vulnerability is reported in version 1.0.5 on UCS4 builds. Other versions may also be affected. SOLUTION: Use another module. PROVIDED AND/OR DISCOVERED BY: Matt Giuca ORIGINAL ADVISORY: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 15:55:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 00:55:39 +0200 Subject: [SEC] [SA39638] Ubuntu update for sudo Message-ID: <201007012255.o61MtdZi008298@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for sudo SECUNIA ADVISORY ID: SA39638 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39638/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39638 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/39638/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39638/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39638 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA40002 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-956-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-June/001115.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 16:09:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 01:09:49 +0200 Subject: [SEC] [SA39935] Mako "cgi.escape()" Cross-Site Scripting Vulnerability Message-ID: <201007012309.o61N9n79028746@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Mako "cgi.escape()" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39935 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39935/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39935 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/39935/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39935/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39935 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mako, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks. The vulnerability is caused due to Mako using the "cgi.escape()" function to sanitise input, which does not properly filter single quotes. This can be exploited to e.g. execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 0.3.4. SOLUTION: Update to version 0.3.4. PROVIDED AND/OR DISCOVERED BY: Craig Younkins ORIGINAL ADVISORY: http://bugs.python.org/issue9061 http://www.makotemplates.org/CHANGES OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 16:22:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 01:22:47 +0200 Subject: [SEC] [SA40409] Fedora update for kvirc Message-ID: <201007012322.o61NMlbY016736@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for kvirc SECUNIA ADVISORY ID: SA40409 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40409/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40409 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40409/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40409/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40409 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kvirc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA32410 SOLUTION: Apply updated packages via the yum utility ("yum update kvirc"). ORIGINAL ADVISORY: FEDORA-2010-10529: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043629.html FEDORA-2010-10522: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043601.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 16:43:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 01:43:32 +0200 Subject: [SEC] [SA40400] Fedora update for lftp Message-ID: <201007012343.o61NhW3n005072@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for lftp SECUNIA ADVISORY ID: SA40400 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40400/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40400 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40400/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40400/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40400 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for lftp. This fixes a weakness, which can be exploited by malicious people to bypass certain security features. For more information: SA39861 SOLUTION: Apply updated packages using the yum utility ("yum update lftp"). ORIGINAL ADVISORY: FEDORA-2010-9819: http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043597.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 1 16:55:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 01:55:22 +0200 Subject: [SEC] [SA40396] Kolab Server Multiple Vulnerabilities Message-ID: <201007012355.o61NtMoC025409@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Kolab Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40396 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40396/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40396 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40396/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40396/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40396 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Kolab Server, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing attacks, gain access to potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. The vulnerabilities are caused due to the use of vulnerable ClamAV, OpenSSL, Apache, and PHP packages. For more information: SA38708 SA38776 SA39895 SA40024 SOLUTION: Update to version 2.2.4. ORIGINAL ADVISORY: http://kolab.org/pipermail/kolab-announce/2010/000095.html http://files.kolab.org/server/release/kolab-server-2.2.4/sources/release-notes.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 10:28:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 19:28:12 +0200 Subject: [SEC] [SA40399] D-Link DAP-1160 D-Link Security Bypass Vulnerabilities Message-ID: <201007021728.o62HSCjF028455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: D-Link DAP-1160 D-Link Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA40399 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40399/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40399 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40399/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40399/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40399 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Cristofaro Mune has reported a weakness and a vulnerability in D-Link DAP-1160, which can be exploited by malicious people to bypass certain security restrictions. 1) A vulnerability is caused due to the device accepting certain D-Link Click'n'Connect commands without prior authentication, which can be exploited to e.g. change certain configuration settings by sending specially crafted packets to port 2003/UDP. 2) A weakness is reported due to the device allowing requests to "tools_firmw.htm" without any authentication, if the request is sent within the first 40 seconds after the device booted and if it's the first HTTP request to the device. Note: The device can be remotely rebooted without authentication by exploiting vulnerability #1. The vulnerability and the weakness are reported in firmware versions 1.20b06, 1.30b10, and 1.31b01. Other versions may also be affected. SOLUTION: Use in trusted network environments only. PROVIDED AND/OR DISCOVERED BY: Cristofaro Mune ORIGINAL ADVISORY: http://www.icysilence.org/?tag=is-2010-004 http://www.icysilence.org/?tag=is-2010-005 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 11:29:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 20:29:14 +0200 Subject: [SEC] [SA40422] LibTIFF Denial of Service Vulnerabilities Message-ID: <201007021829.o62ITEqe018605@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: LibTIFF Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40422 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40422/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40422 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40422/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40422/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40422 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in LibTIFF, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error within the "putcontig8bitYCbCr12tile()" function in libtiff/tif_getimage.c can be exploited to cause a crash when trying to flip an image vertically on 64-bit platforms. 2) An error within the "TIFFYCbCrtoRGB()" function in libtiff/tif_color.c when processing invalid ReferenceBlackWhite values can be exploited to cause a crash. 3) An assertion error within the "OJPEGPostDecode()" function in libtiff/tif_ojpeg.c can be exploited to terminate an application using the library. 4) The "TIFFNewScanlineSize()", "TIFFScanlineSize()", and "TIFFVStripSize()" functions in libtiff/tif_strip.c call the "TIFFGetField()" without properly checking the return value, which can potentially be exploited to e.g. cause a crash. 5) The library does not properly handle images with "SamplesPerPixel" set to "1" and "Photometric" set to "YCbCr", which can be exploited to cause a crash. 6) Errors when handling TIFF images with undefined strip byte counts can be exploited to cause a crash. SOLUTION: Do not process untrusted TIFF images. PROVIDED AND/OR DISCOVERED BY: 1-4, 6) Reported in e.g. Red Hat bug #583081 or #603024 5) Sauli Pahlman ORIGINAL ADVISORY: 1) http://bugzilla.maptools.org/show_bug.cgi?id=2207 https://bugzilla.redhat.com/show_bug.cgi?id=583081 2) http://bugzilla.maptools.org/show_bug.cgi?id=2208 https://bugzilla.redhat.com/show_bug.cgi?id=583081 3) http://bugzilla.maptools.org/show_bug.cgi?id=2209 https://bugzilla.redhat.com/show_bug.cgi?id=583081 4) http://bugzilla.maptools.org/show_bug.cgi?id=2215 https://bugzilla.redhat.com/show_bug.cgi?id=583081 5) http://bugzilla.maptools.org/show_bug.cgi?id=2216 6) http://bugzilla.maptools.org/show_bug.cgi?id=1996#c12 https://bugzilla.redhat.com/show_bug.cgi?id=603024#c9 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 12:28:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 21:28:17 +0200 Subject: [SEC] [SA40460] The Lord of the Rings Gamespy "NATHOST" and "NATINITED" Buffer Overflow Vulnerability Message-ID: <201007021928.o62JSG2V008692@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: The Lord of the Rings Gamespy "NATHOST" and "NATINITED" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40460 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40460/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40460 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40460/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40460/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40460 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in various The Lord of the Rings games, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the Gamespy "NATHOST" and "NATINITED" commands. For more information: SA40459 The vulnerability is reported in the following games an versions: The Lord of the Rings: Battle for Middle-Earth version 1.03 The Lord of the Rings: Battle for Middle-Earth 2 version 1.06 The Lord of the Rings: Battle for Middle-Earth 2 The Rise of the Witch-king version 2.01 Other games and versions may also be affected. SOLUTION: Do not play or host online games. Do not join the peerchat server. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/eagsbof-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 13:28:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 22:28:07 +0200 Subject: [SEC] [SA40406] Fedora update for libtiff Message-ID: <201007022028.o62KS7Gp031202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for libtiff SECUNIA ADVISORY ID: SA40406 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40406/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40406 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40406/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40406/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40406 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libtiff. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA40181 SA40241 SA40422 SOLUTION: Apply updated packages using the yum utility ("yum update libtiff"). ORIGINAL ADVISORY: FEDORA-2010-10334: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043661.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 14:22:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 23:22:15 +0200 Subject: [SEC] [SA40459] Command & Conquer Gamespy "NATHOST" and "NATINITED" Buffer Overflow Vulnerability Message-ID: <201007022122.o62LMFDe021056@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Command & Conquer Gamespy "NATHOST" and "NATINITED" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40459 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40459/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40459 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40459/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40459/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40459 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in various Command & Conquer games, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the Gamespy "NATHOST" and "NATINITED" commands, which can be exploited to cause a stack-based buffer overflow by joining a room on the peerchat server and sending specially crafted commands. The vulnerability is reported in the following games and versions: Command & Conquer 3: Kane's Wrath version 1.02 Command & Conquer 3: Tiberium Wars version 1.09 Command & Conquer: Red Alert 3 version 1.12 Command & Conquer: Red Alert 3 ? Uprising version 1.00 Other games and versions may also be affected. SOLUTION: Do not play or host online games. Do not join the peerchat server. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/eagsbof-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 14:45:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Jul 2010 23:45:29 +0200 Subject: [SEC] [SA40430] Zoph Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201007022145.o62LjTFV009531@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Zoph Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40430 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40430/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40430 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40430/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40430/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40430 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Zoph, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to some parameters in php/page.inc.php, php/notify.php, php/person.inc.php, php/person.php, php/photo_search.inc.php, php/place.inc.php, php/places.php, php/search.php, php/user.php, php/util.inc.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 0.8.0.3. SOLUTION: Update to version 0.8.0.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://en.wikibooks.org/wiki/Zoph/Changelog#Zoph_0.8.0.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 15:09:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 00:09:57 +0200 Subject: [SEC] [SA40412] Microsoft Internet Information Services Basic Authentication Security Bypass Message-ID: <201007022209.o62M9vTD030536@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Microsoft Internet Information Services Basic Authentication Security Bypass SECUNIA ADVISORY ID: SA40412 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40412/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40412 RELEASE DATE: 2010-07-02 DISCUSS ADVISORY: http://secunia.com/advisories/40412/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40412/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40412 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Soroush Dalili has discovered a vulnerability in Microsoft Internet Information Services, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the handling of basic authentication for directories. This can be exploited to bypass authentication and access e.g. protected directories by appending the NTFS stream name and stream type (":$i30:$INDEX_ALLOCATION") to the directory name within a request. The vulnerability is confirmed in version 5.1 on a fully-patched Windows XP SP3. Other versions may also be affected. SOLUTION: Do not rely on the basic authentication method to restrict access to resources. PROVIDED AND/OR DISCOVERED BY: Soroush Dalili ORIGINAL ADVISORY: http://soroush.secproject.com/blog/2010/07/iis5-1-directory-authentication-bypass-by-using-i30index_allocation/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 15:23:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 00:23:33 +0200 Subject: [SEC] [SA40418] SUSE update for kernel Message-ID: <201007022223.o62MNXot018563@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA40418 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40418/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40418 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40418/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40418/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40418 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). An error within the SCTP subsystem can be exploited to cause a crash via a specially crafted packet. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:027: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 15:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 00:44:59 +0200 Subject: [SEC] [SA40441] iScripts AutoHoster "planid" SQL Injection Vulnerability Message-ID: <201007022244.o62MixEF006952@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: iScripts AutoHoster "planid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40441 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40441/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40441 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40441/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40441/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40441 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in iScripts AutoHoster, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "planid" POST parameter to compareplans.php (when "id" is set to "4") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sangteamtham OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 16:11:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 01:11:08 +0200 Subject: [SEC] [SA40455] Bugzilla "data/webdot" and ".bzr" Information Disclosure Message-ID: <201007022311.o62NB8K6027952@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Bugzilla "data/webdot" and ".bzr" Information Disclosure SECUNIA ADVISORY ID: SA40455 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40455/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40455 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40455/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40455/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40455 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Bugzilla, which can be exploited by malicious, local users to disclose potentially sensitive information. The security issue is caused due to Install/Filesystem.pm not setting proper permissions for the "data/webdot" and ".bzr" folders if "$use_suexec" is set to "1", which can be exploited to e.g. disclose potentially sensitive information. This is related to vulnerability #2 in: SA40300 The security issue is reported in version 3.5.1 through 3.6.1 and 3.7 through 3.7.1. Other versions may also be affected. SOLUTION: Manually set appropriate permissions. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://bugzilla.mozilla.org/show_bug.cgi?id=576060 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 16:43:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 01:43:11 +0200 Subject: [SEC] [SA40434] iScripts CyberMatch "id" SQL Injection Vulnerability Message-ID: <201007022343.o62NhBVc016810@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: iScripts CyberMatch "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40434 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40434/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40434 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40434/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40434/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40434 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has reported a vulnerability in iScripts CyberMatch, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to profile.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: http://www.salvatorefresta.net/files/adv/iScripts%20CyberMatch%201.0%20Blind%20SQL%20Injection%20Vulnerability-02072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 16:55:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 01:55:19 +0200 Subject: [SEC] [SA40432] bitweaver "style" File Inclusion Vulnerability Message-ID: <201007022355.o62NtJX7004768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: bitweaver "style" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA40432 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40432/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40432 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40432/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40432/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40432 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in bitweaver, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "style" parameter in wiki/rankings.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerability is confirmed in version 2.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/bit-weaver-27-local-file-inclusion.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 17:10:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 02:10:25 +0200 Subject: [SEC] [SA40448] iScripts EasySnaps Multiple SQL Injection Vulnerabilities Message-ID: <201007030010.o630APGu025264@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: iScripts EasySnaps Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40448 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40448/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40448 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40448/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40448/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40448 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has reported some vulnerabilities in iScripts EasySnaps, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "comment" parameter to add_comments.php, "begin" parameter to greetings.php, and the "values" parameter to tags_details.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://www.salvatorefresta.net/files/adv/iScripts%20EasySnaps%202.0%20Multiple%20SQL%20Injection%20Vulnerabilities-01072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 17:22:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 02:22:30 +0200 Subject: [SEC] [SA40454] TomatoCart Cross-Site Request Forgery Vulnerability Message-ID: <201007030022.o630MUYp013224@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: TomatoCart Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40454 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40454/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40454 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40454/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40454/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40454 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in TomatoCart, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's password or add a new administrative user by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is confirmed in version 1.0.1. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/tomatocart-10.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 17:43:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 02:43:58 +0200 Subject: [SEC] [SA40431] Mahara Multiple Vulnerabilities Message-ID: <201007030043.o630hw9p001551@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Mahara Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40431 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40431/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40431 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40431/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40431/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40431 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mahara, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and SQL injection attacks and bypass certain security restrictions. 1) Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) A cross-site scripting vulnerability exists in the bundled version of HTML Purifier. For more information: SA39613 3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to modify unspecified content hosted by the application if a logged-in user visits a malicious web site. 4) Input passed via unspecified parameters is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This vulnerability is reported in versions prior to 1.1.9, and 1.2.5 only. 5) An error within the authentication mechanism when handling login attempts for Single-Sign-On (SSO) accounts can be exploited to bypass the authentication by providing a valid username and an empty password. The vulnerabilities are reported in versions prior to 1.0.15, 1.1.9, and 1.2.5. SOLUTION: Update to version 1.0.15, 1.1.9, or 1.2.5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wiki.mahara.org/Release_Notes/1.0.15 http://wiki.mahara.org/Release_Notes/1.1.9 http://wiki.mahara.org/Release_Notes/1.2.5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 18:08:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 03:08:15 +0200 Subject: [SEC] [SA40435] iScripts ReserveLogic "pid" SQL Injection Vulnerability Message-ID: <201007030108.o6318F4T022533@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: iScripts ReserveLogic "pid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40435 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40435/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40435 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40435/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40435/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40435 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has reported a vulnerability in iScripts ReserveLogic, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "pid" parameter to packagedetails.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://www.salvatorefresta.net/files/adv/iScripts%20ReserveLogic%201.0%20SQL%20Injection%20Vulnerability-01072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 18:22:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 03:22:59 +0200 Subject: [SEC] [SA40420] Red Hat update for kernel Message-ID: <201007030122.o631MxoD010601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA40420 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40420/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40420 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40420/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40420/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40420 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges, and by malicious people to cause a DoS. For more information: SA38229 SA38502 SA38594 1) An error within the SCTP subsystem can be exploited to cause a crash by sending a specially crafted packet. 2) An error exists within the implementation of the TIPC protocol, which can be exploited by malicious, local users to cause a NULL pointer dereference by sending datagrams through AF_TIPC before entering the network mode. 3) An error exists within the GFS2 implementation, which can be exploited to cause a memory corruption and e.g. cause a DoS or gain escalated privileges. Successful exploitation requires that the attacker has write access to a GFS2 file system mounted with the "quota=on" or "quota=account" options. 4) A race condition within the "find_keyring_by_name()" function in security/keys/keyring.c can be exploited to access freed memory and e.g. cause a system panic or gain escalated privileges. 5) An error exists within the "gfs2_set_flags()" function, which can be exploited to change certain file attributes of files on an GFS2 file system. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Red Hat credits: 1) Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer. 3) Mario Mikocevic 5) Dan Rosenberg ORIGINAL ADVISORY: RHSA-2010-0504: https://rhn.redhat.com/errata/RHSA-2010-0504.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 18:43:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 03:43:05 +0200 Subject: [SEC] [SA40443] iScripts SupportDesk "username" Cross-Site Scripting Vulnerability Message-ID: <201007030143.o631h5Ou031318@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: iScripts SupportDesk "username" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40443 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40443/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40443 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40443/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40443/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40443 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in iScripts SupportDesk, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "username" parameter to client_chat.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sangteamtham OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 18:55:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 03:55:20 +0200 Subject: [SEC] [SA40356] Red Hat update for perl-Archive-Tar Message-ID: <201007030155.o631tKkL019276@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for perl-Archive-Tar SECUNIA ADVISORY ID: SA40356 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40356/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40356 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40356/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40356/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40356 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for perl-Archive-Tar. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA27539 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0505-1: http://rhn.redhat.com/errata/RHSA-2010-0505.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 19:12:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 04:12:44 +0200 Subject: [SEC] [SA40314] Joomla JoomDOC Component File Disclosure Vulnerability Message-ID: <201007030212.o632Ciew009129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Joomla JoomDOC Component File Disclosure Vulnerability SECUNIA ADVISORY ID: SA40314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40314 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the JoomDOC component for Joomla, which can be exploited by malicious users to disclose potentially sensitive information. For more information: SA40291 The vulnerability is reported in version 2.0.2. Other versions may also be affected. SOLUTION: Restrict access for accounts with "upload" and "edit" permissions to trusted users only. PROVIDED AND/OR DISCOVERED BY: An anonymous person. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 19:42:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 04:42:20 +0200 Subject: [SEC] [SA40411] Fedora update for libpng Message-ID: <201007030242.o632gKfs030267@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for libpng SECUNIA ADVISORY ID: SA40411 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40411/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40411 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40411/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40411/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40411 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libpng. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40302 SOLUTION: Apply updated packages using the yum utility ("yum update libpng"). ORIGINAL ADVISORY: FEDORA-2010-10557: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043637.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 2 19:54:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Jul 2010 04:54:11 +0200 Subject: [SEC] [SA40423] Debian update for wireshark Message-ID: <201007030254.o632sBo8018214@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for wireshark SECUNIA ADVISORY ID: SA40423 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40423/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40423 RELEASE DATE: 2010-07-03 DISCUSS ADVISORY: http://secunia.com/advisories/40423/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40423/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40423 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for wireshark. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40112 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2066-1: http://lists.debian.org/debian-security-announce/2010/msg00110.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 10:27:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Jul 2010 19:27:46 +0200 Subject: [SEC] [SA40499] Mare Nostrum "STEAMCLIENTBLOB" Denial of Service Message-ID: <201007051727.o65HRkbl012724@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Mare Nostrum "STEAMCLIENTBLOB" Denial of Service SECUNIA ADVISORY ID: SA40499 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40499/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40499 RELEASE DATE: 2010-07-05 DISCUSS ADVISORY: http://secunia.com/advisories/40499/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40499/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40499 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in Mare Nostrum, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing the "STEAMCLIENTBLOB" command. For more information: SA40415 SOLUTION: Use in trusted network environments only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/tripwireless-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 11:27:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Jul 2010 20:27:47 +0200 Subject: [SEC] [SA40497] Killing Floor "STEAMCLIENTBLOB" Denial of Service Message-ID: <201007051827.o65IRlxv002837@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Killing Floor "STEAMCLIENTBLOB" Denial of Service SECUNIA ADVISORY ID: SA40497 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40497/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40497 RELEASE DATE: 2010-07-05 DISCUSS ADVISORY: http://secunia.com/advisories/40497/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40497/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40497 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in Killing Floor, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing the "STEAMCLIENTBLOB" command. For more information: SA40415 SOLUTION: Use in trusted network environments only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/tripwireless-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 12:27:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Jul 2010 21:27:33 +0200 Subject: [SEC] [SA40446] WordPress Simple:Press Plugin "value" SQL Injection Vulnerability Message-ID: <201007051927.o65JRXdV025349@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress Simple:Press Plugin "value" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40446 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40446/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40446 RELEASE DATE: 2010-07-05 DISCUSS ADVISORY: http://secunia.com/advisories/40446/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40446/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40446 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Canberk BOLAT has discovered a vulnerability in the Simple:Press plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "value" parameter (when "page_id", "type", "forum", and "search" are set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 4.3.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Canberk BOLAT, ADEO Security Labs ORIGINAL ADVISORY: http://security.adeo.com.tr/Makale/19-simplepress-wordpress-plugin-sql-injection-vulnerability.adeo OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 13:27:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Jul 2010 22:27:13 +0200 Subject: [SEC] [SA40496] WordPress Simple:Press Plugin Cross-Site Scripting and Security Bypass Message-ID: <201007052027.o65KRD3X015455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress Simple:Press Plugin Cross-Site Scripting and Security Bypass SECUNIA ADVISORY ID: SA40496 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40496/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40496 RELEASE DATE: 2010-07-05 DISCUSS ADVISORY: http://secunia.com/advisories/40496/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40496/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40496 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in the Simple:Press plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. 1) The profile/ahah/sf-ahah-profile-save.php script does not properly verify if "uid" parameter belongs to the current logged in user before updating the profile. This can be exploited to update the profile of another user. 2) Input passed via various parameters to multiple scripts is not properly sanitised before being returned to the user in the sf_esc_int() function in library/sf-primitives.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 4.3.0. Other versions may also be affected. SOLUTION: Update to version 4.3.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://mantis.simple-press.com/view.php?id=1470 http://mantis.simple-press.com/view.php?id=1504 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 14:22:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Jul 2010 23:22:22 +0200 Subject: [SEC] [SA40498] Darkest Hour: Europe '44-'45 "STEAMCLIENTBLOB" Denial of Service Message-ID: <201007052122.o65LMMsL005366@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Darkest Hour: Europe '44-'45 "STEAMCLIENTBLOB" Denial of Service SECUNIA ADVISORY ID: SA40498 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40498/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40498 RELEASE DATE: 2010-07-05 DISCUSS ADVISORY: http://secunia.com/advisories/40498/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40498/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40498 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in Darkest Hour: Europe '44-'45, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing the "STEAMCLIENTBLOB" command. For more information: SA40415 SOLUTION: Use in trusted network environments only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/tripwireless-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 14:46:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Jul 2010 23:46:23 +0200 Subject: [SEC] [SA40491] Novell Identity Manager Cross-Site Scripting Vulnerabilities Message-ID: <201007052146.o65LkNgd026268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Novell Identity Manager Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40491 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40491/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40491 RELEASE DATE: 2010-07-05 DISCUSS ADVISORY: http://secunia.com/advisories/40491/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40491/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40491 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Novell Identity Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to ForgotPassword.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via unspecified parameters to forgotUser.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via unspecified parameters to an unspecified Portlet is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in Identity Manager Roles Based Provisioning Module 3.7.0 (User Application 3.7.0) prior to Field Patch 370C. SOLUTION: Apply Field Patch 370C. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5077230.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 15:10:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 00:10:24 +0200 Subject: [SEC] [SA40456] Sandbox "a" Local File Inclusion Vulnerability Message-ID: <201007052210.o65MAOF3014855@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Sandbox "a" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA40456 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40456/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40456 RELEASE DATE: 2010-07-05 DISCUSS ADVISORY: http://secunia.com/advisories/40456/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40456/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40456 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Sandbox, which can be exploited by malicious people to disclose sensitive information. Input passed via the "a" parameter to index.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 2.0.2. Prior versions may also be affected. SOLUTION: Update to version 2.0.3. PROVIDED AND/OR DISCOVERED BY: saudi0hacker OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 15:24:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 00:24:06 +0200 Subject: [SEC] [SA40493] WordPress WP-UserOnline Plugin Script Insertion Vulnerability Message-ID: <201007052224.o65MO6q1002901@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: WordPress WP-UserOnline Plugin Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40493 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40493/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40493 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40493/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40493/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40493 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered a vulnerability in the WP-UserOnline plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks. Input appended to the URL after the installation path is not properly sanitised before being displayed to the user in wp-content/plugins/wp-useronline/wp-useronline.php. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 2.62. Other versions may also be affected. SOLUTION: Update to version 2.70 or later. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: WP-UserOnline: http://scribu.net/wordpress/wp-useronline/wu-2-70.html MustLive: http://websecurity.com.ua/4177/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 15:44:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 00:44:36 +0200 Subject: [SEC] [SA40494] Generic SCSI Target Subsystem for Linux (SCST) iSNS Buffer Overflow Vulnerabilities Message-ID: <201007052244.o65MiapY023640@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Generic SCSI Target Subsystem for Linux (SCST) iSNS Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40494 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40494/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40494 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40494/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40494/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40494 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Generic SCSI Target Subsystem For Linux (SCST), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerabilities are caused due to a boundary errors when processing certain iSNS (Internet Storage Name Service) messages, which can be exploited to cause buffer overflows by sending specially crafted messages. Successful exploitation may allow the execution of arbitrary code. This is related to: SA40485 The vulnerabilities are reported in version 1.0.1.1. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: TELUS Security Labs Vulnerability Research Team. Additional information provided by FUJITA Tomonori. ORIGINAL ADVISORY: TELUS Security Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html Generic SCSI Target Subsystem for Linux (SCST): http://scst.svn.sourceforge.net/viewvc/scst?view=revision&revision=1793 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 16:11:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 01:11:53 +0200 Subject: [SEC] [SA40495] Linux SCSI Target Framework (tgt) iSNS Buffer Overflow Vulnerabilities Message-ID: <201007052311.o65NBr5X012297@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Linux SCSI Target Framework (tgt) iSNS Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40495 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40495/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40495 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40495/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40495/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40495 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Linux SCSI Target Framework (tgt), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerabilities are caused due to a boundary errors when processing certain iSNS (Internet Storage Name Service) messages, which can be exploited to cause buffer overflows by sending specially crafted messages. Successful exploitation may allow the execution of arbitrary code. This is related to: SA40485 The vulnerabilities are reported in version 1.0.5. Prior versions may also be affected. SOLUTION: Update to version 1.0.6. PROVIDED AND/OR DISCOVERED BY: TELUS Security Labs Vulnerability Research Team. Additional information provided by the vendor. ORIGINAL ADVISORY: TELUS Security Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html Linux SCSI Target Framework (tgt): http://lists.wpkg.org/pipermail/stgt/2010-July/003858.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 16:43:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 01:43:15 +0200 Subject: [SEC] [SA40485] iSCSI Enterprise Target iSNS Message Processing Buffer Overflow Vulnerabilities Message-ID: <201007052343.o65NhFbQ001074@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: iSCSI Enterprise Target iSNS Message Processing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA40485 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40485/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40485 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40485/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40485/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40485 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been been reported in iSCSI Enterprise Target, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerabilities are caused due to a boundary errors when processing certain iSNS (Internet Storage Name Service) messages, which can be exploited to cause buffer overflows by sending specially crafted messages. Successful exploitation may allow the execution of arbitrary code. The vulnerabilities are reported in version 1.4.20.1. Other versions may also be affected. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: TELUS Security Labs Vulnerability Research Team. Additional information provided by FUJITA Tomonori. ORIGINAL ADVISORY: TELUS Security Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0058.html iSCSI Enterprise Target: http://sourceforge.net/mailarchive/forum.php?thread_name=E2BB8074E5500C42984D980D4BD78EF904075006%40MFG-NYC-EXCH2.mfg.prv&forum_name=iscsitarget-devel OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 16:55:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 01:55:25 +0200 Subject: [SEC] [SA40476] Freeciv Denial of Service Vulnerabilities Message-ID: <201007052355.o65NtPVr021489@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Freeciv Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA40476 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40476/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40476 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40476/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40476/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40476 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported some vulnerabilities in Freeciv, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error exists within the processing of jumbo packets with a packet length of less than 6, which can be exploited to terminate the server by sending a specially crafted jumbo packet. 2) Infinite loops when processing PACKET_PLAYER_INFO, PACKET_GAME_INFO, PACKET_EDIT_PLAYER_CREATE, PACKET_EDIT_PLAYER_REMOVE, PACKET_EDIT_CITY, and PACKET_EDIT_PLAYER packets can be exploited to cause a high CPU usage and stop the server from responding by sending specially crafted packets. The vulnerabilities are reported in version 2.2.1. Other versions may also be affected. SOLUTION: Restrict access to trusted players only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/freecivet-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 17:10:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 02:10:36 +0200 Subject: [SEC] [SA40311] Open Text ECM Expression Builder Cross-Site Scripting Vulnerability Message-ID: <201007060010.o660Aa4m009600@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Open Text ECM Expression Builder Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40311 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40311/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40311 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40311/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40311/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40311 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Open Text ECM, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised in the Expression Builder before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 9.7.0 and 9.7.1. SOLUTION: Apply patch. Please see the vendor advisory for more details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=17021345&objAction=ArticleView OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 17:22:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 02:22:43 +0200 Subject: [SEC] [SA40433] Roundup "template" Cross-Site Scripting Vulnerability Message-ID: <201007060022.o660Mh1M029962@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Roundup "template" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40433 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40433/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40433 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40433/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40433/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40433 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Roundup, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "template" parameter to /issue is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.4.14. SOLUTION: Update to version 1.4.14. PROVIDED AND/OR DISCOVERED BY: The vendor credits Benjamin Pollack. ORIGINAL ADVISORY: http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com http://issues.roundup-tracker.org/issue2550654 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 17:43:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 02:43:12 +0200 Subject: [SEC] [SA40298] Microsoft Windows MFC Document Title Updating Buffer Overflow Message-ID: <201007060043.o660hCja018303@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Microsoft Windows MFC Document Title Updating Buffer Overflow SECUNIA ADVISORY ID: SA40298 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40298/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40298 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40298/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40298/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40298 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in fully patched versions of Windows 2000 Professional SP4 including mfc42.dll version 6.0.9586.0 and Windows XP SP2/SP3 including mfc42.dll version 6.2.4131.0. Other versions may also be affected. The following products are currently known to present valid attack vectors: * PowerZip version 7.2 Build 4010 (when e.g. entering an overly long directory in an opened archive). Other versions and applications using the vulnerable library may also be affected. SOLUTION: Restrict access to applications allowing user-controlled input to be passed to the vulnerable function. PROVIDED AND/OR DISCOVERED BY: Originally reported in PowerZip by fl0 fl0w. Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 17:55:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 02:55:26 +0200 Subject: [SEC] [SA40130] Joomla BookLibrary From Same Author Module "id" SQL Injection Vulnerability Message-ID: <201007060055.o660tQON006264@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Joomla BookLibrary From Same Author Module "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40130 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40130/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40130 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40130/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40130/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40130 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in the BookLibrary >From Same Author module for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "id" parameter to index.php (when "option" is set to "com_booklibrary" and "task" is set to "view") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.5. Other versions may also be affected. SOLUTION: Update to version 1.5_2010_06_25. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-83/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 18:08:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 03:08:16 +0200 Subject: [SEC] [SA40337] Ubiquiti NanoStation Shell Command Injection Vulnerability Message-ID: <201007060108.o6618Gnq026677@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubiquiti NanoStation Shell Command Injection Vulnerability SECUNIA ADVISORY ID: SA40337 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40337/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40337 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40337/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40337/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40337 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ubiquiti NanoStation, which can be exploited by malicious users to compromise a vulnerable system. Input passed via the "ifname" parameter to stainfo.cgi in the web management interface is not properly sanitised before being used as a command line argument. This can be exploited to inject arbitrary shell commands. The vulnerability is reported in NanoStation5 running AirOS. SOLUTION: Reportedly fixed firmware has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Emanuele 'emgent' Gentili ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14146/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 18:22:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 03:22:21 +0200 Subject: [SEC] [SA40415] Red Orchestra: Ostfront 41-45 "STEAMCLIENTBLOB" Denial of Service Message-ID: <201007060122.o661MLid014724@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Orchestra: Ostfront 41-45 "STEAMCLIENTBLOB" Denial of Service SECUNIA ADVISORY ID: SA40415 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40415/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40415 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40415/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40415/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40415 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in Red Orchestra: Ostfront 41-45, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing the "STEAMCLIENTBLOB" command, which can be exploited to e.g. cause a NULL pointer dereference and crash the server. SOLUTION: Use in trusted network environments only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/tripwireless-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 18:43:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 03:43:09 +0200 Subject: [SEC] [SA40421] Microsoft Windows NtUserCheckAccessForIntegrityLevel Use-After-Free Message-ID: <201007060143.o661h92j003069@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Microsoft Windows NtUserCheckAccessForIntegrityLevel Use-After-Free SECUNIA ADVISORY ID: SA40421 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40421/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40421 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40421/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40421/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40421 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. The vulnerability is caused due to a use-after-free error in win32k.sys within NtUserCheckAccessForIntegrityLevel() as a reference counter to an object is incorrectly decremented twice when a call to LockProcessByClientId() fails. The vulnerability is confirmed in fully patched versions of Windows Vista Business SP1 and Windows Server 2008 Enterprise SP1/SP2. Other versions may also be affected. SOLUTION: Grant only trusted users access to affected systems. PROVIDED AND/OR DISCOVERED BY: Microsoft-Spurned Researcher Collective (MSRC) OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 18:55:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 03:55:12 +0200 Subject: [SEC] [SA40450] phpaaCMS "id" SQL Injection Vulnerabilities Message-ID: <201007060155.o661tCMP023426@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: phpaaCMS "id" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40450 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40450/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40450 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40450/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40450/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40450 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in phpaaCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to show.php and list.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 0.3.1 UTF-8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Shafiq-Ur-Rehman and CoBRa_21 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 19:13:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 04:13:47 +0200 Subject: [SEC] [SA40479] Google Chrome Multiple Vulnerabilities Message-ID: <201007060213.o662DlNm012183@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40479 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40479/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40479 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40479/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40479/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40479 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can potentially be exploited by malicious people to compromise a vulnerable system. 1) An unspecified error related to WebGL can be exploited to trigger an OOB read. No further information is currently available. 2) An unspecified error exists related to the isolation of sandboxed iframes. No further information is currently available. 3) An unspecified error in the processing of SVG images can be exploited to corrupt memory. 4) An unspecified error related to the bidi algorithm can be exploited to corrupt memory. 5) An unspecified error in the processing of invalid images can be exploited to cause a crash. No further information is currently available. 6) A vulnerability in the processing of PNG images can be exploited to corrupt memory. For more information see vulnerability #1 in: SA40302 7) An unspecified error in the CSS style rendering can be exploited to corrupt memory. 8) An unspecified error exists related to print dialogs. No further information is currently available. 9) An unspecified error related to modal dialogs can be exploited to cause a crash. SOLUTION: Update to version 5.0.375.99. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Sergey Glazunov; Google Chrome Security Team (SkyLined) 2) sirdarckcat, Google Security Team 3) Aki Hekin of OUSPG and wushi of team509 4, 7) wushi of team509 5) Jose A. Vazquez 6, 9) Aki Helin, OUSPG 8) Mats Ahlgren ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://code.google.com/p/chromium/issues/detail?id=45983 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 19:42:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 04:42:11 +0200 Subject: [SEC] [SA40486] Debian update for mahara Message-ID: <201007060242.o662gBEB000827@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for mahara SECUNIA ADVISORY ID: SA40486 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40486/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40486 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40486/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40486/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40486 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mahara. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and SQL injection attacks and bypass certain security restrictions. For more information: SA40431 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2067-1: http://lists.debian.org/debian-security-announce/2010/msg00111.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 5 19:54:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 04:54:13 +0200 Subject: [SEC] [SA40427] bogofilter Base64 Decoding Heap Corruption Vulnerability Message-ID: <201007060254.o662sDMp021243@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: bogofilter Base64 Decoding Heap Corruption Vulnerability SECUNIA ADVISORY ID: SA40427 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40427/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40427 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40427/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40427/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40427 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in bogofilter, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an off-by-one vulnerability in bogofilter and bogolexer when processing Base64 encoded strings beginning with a equal character ("="), which can be exploited to e.g. cause a heap corruption. The vulnerability is reported in version 1.2.1. Prior versions may also be affected. SOLUTION: Fixed in the SVN repository. Update to version 1.2.2 as soon as available. PROVIDED AND/OR DISCOVERED BY: Julius Plenz ORIGINAL ADVISORY: http://bogofilter.svn.sourceforge.net/viewvc/bogofilter/trunk/bogofilter/doc/bogofilter-SA-2010-01?revision=6909&pathrev=6909 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 10:27:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 19:27:11 +0200 Subject: [SEC] [SA40484] SocialABC NetworX Cross-Site Scripting and File Upload Vulnerabilities Message-ID: <201007061727.o66HRBEF002341@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SocialABC NetworX Cross-Site Scripting and File Upload Vulnerabilities SECUNIA ADVISORY ID: SA40484 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40484/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40484 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40484/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40484/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40484 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered some vulnerabilities in SocialABC NetworX, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system. 1) Input passed via the "group_id" parameter to group_connections_list_popup.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application does not properly restrict access to upload.php, which can be exploited to upload files with arbitrary extensions and e.g. execute arbitrary PHP code. The vulnerabilities are confirmed in version 1.0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to upload.php (e.g. via a .htaccess file). PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/networx-103-reflected-xss.html http://cross-site-scripting.blogspot.com/2010/07/networx-103-arbitrary-upload.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 11:27:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 20:27:05 +0200 Subject: [SEC] [SA40461] ScriptsFeed Realtor Classifieds System "c" SQL Injection Vulnerability Message-ID: <201007061827.o66IR5kf024899@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed Realtor Classifieds System "c" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40461 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40461/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40461 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40461/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40461/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40461 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ScriptsFeed Realtor Classifieds System, which can be exploited by malicious people to conduct SQL Injection attacks. Input passed to the "c" parameter in search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 12:27:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 21:27:08 +0200 Subject: [SEC] [SA40483] nuBuilder Cross-Site Scripting and File Inclusion Message-ID: <201007061927.o66JR8tS015034@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: nuBuilder Cross-Site Scripting and File Inclusion SECUNIA ADVISORY ID: SA40483 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40483/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40483 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40483/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40483/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40483 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered some vulnerabilities in nuBuilder, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information. 1) Input passed via the "f" parameter to productionnu2/nuedit.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "dir" parameter to productionnu2/fileuploader.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. The vulnerabilities are confirmed in version 10.04.20. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-reflected-xss.html http://cross-site-scripting.blogspot.com/2010/07/nubuilder-100420-local-file-inclusion.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 13:27:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 22:27:15 +0200 Subject: [SEC] [SA40417] SIDA University System "TBox_Email" SQL Injection Vulnerability Message-ID: <201007062027.o66KRFjR005164@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SIDA University System "TBox_Email" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40417 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40417/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40417 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40417/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40417/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40417 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SIDA University System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "TBox_Email" parameter in Portal/Research/ResearchPlan/UserStart.aspx is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Reportedly fixed in version 1389. PROVIDED AND/OR DISCOVERED BY: K053 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 14:21:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 23:21:03 +0200 Subject: [SEC] [SA40425] Novell ZENworks Linux Management Tomcat Multiple Vulnerabilities Message-ID: <201007062121.o66LL36U027418@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Novell ZENworks Linux Management Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40425 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40425/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40425 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40425/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40425/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40425 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Novell has acknowledged multiple vulnerabilities in Novell ZENworks Linux Management, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, or disclose sensitive information. The vulnerabilities are caused due the use of a vulnerable version of Tomcat. For more information: SA25678 SA28552 SA28878 SA31379 The vulnerabilities are reported in ZLM 7.3 using Tomcat 5.0.28. SOLUTION: Novell has issued a Field Test File (FTF) for testing. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7006398 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 14:42:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 23:42:14 +0200 Subject: [SEC] [SA40463] ScriptsFeed Scripts Directory Software SQL Injection Vulnerabilities Message-ID: <201007062142.o66LgEMS015782@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed Scripts Directory Software SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40463 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40463/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40463 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40463/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40463/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40463 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ScriptsFeed Scripts Directory Software, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed to the "s" parameter in search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "us" and "ps" parameters to login.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability allows bypassing the authentication mechanism. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 14:58:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Jul 2010 23:58:29 +0200 Subject: [SEC] [SA40395] EDItran Communications Platform Packet Handling Vulnerability Message-ID: <201007062158.o66LwTNY004046@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: EDItran Communications Platform Packet Handling Vulnerability SECUNIA ADVISORY ID: SA40395 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40395/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40395 RELEASE DATE: 2010-07-06 DISCUSS ADVISORY: http://secunia.com/advisories/40395/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40395/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40395 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Pedro Andujar has reported a vulnerability in EDItran Communications Platform, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due an error in editcp when processing packets and can be exploited via a specially crafted packet sent to port 7777. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 4.1 R7. Other versions may also be affected. SOLUTION: Reportedly, a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: Pedro Andujar ORIGINAL ADVISORY: http://www.digitalsec.net/stuff/explt+advs/editcpv4.1R7_bof.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 15:24:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 00:24:01 +0200 Subject: [SEC] [SA40391] ScriptsFeed Auto Dealer Software "id" SQL Injection Vulnerability Message-ID: <201007062224.o66MO1cQ025006@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed Auto Dealer Software "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40391 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40391/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40391 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40391/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40391/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40391 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ScriptsFeed Auto Dealer Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter in info.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 15:44:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 00:44:48 +0200 Subject: [SEC] [SA40369] ALPHA Ethernet Adapter II Web-Manager Authentication Bypass Message-ID: <201007062244.o66MimA2013375@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ALPHA Ethernet Adapter II Web-Manager Authentication Bypass SECUNIA ADVISORY ID: SA40369 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40369/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40369 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40369/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40369/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40369 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in APLHA Ethernet Adapter II, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to access the device's web administration interface without proper authentication. The vulnerability is reported in version 3.40.2. Other versions may also be affected. SOLUTION: Restrict network access using a proxy or firewall. PROVIDED AND/OR DISCOVERED BY: Edward Bullard, James Robertson, and rb13$ of the Digital Defense, Inc. Vulnerability Research Team ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0010.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 16:11:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 01:11:21 +0200 Subject: [SEC] [SA40458] ScriptsFeed Home Classifieds Software SQL Injection Vulnerabilities Message-ID: <201007062311.o66NBLOI001951@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed Home Classifieds Software SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40458 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40458/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40458 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40458/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40458/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40458 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ScriptsFeed Home Classifieds Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "c" parameter in search.php and to the "id" parameter in articlesdetails.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 16:43:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 01:43:04 +0200 Subject: [SEC] [SA40457] ScriptsFeed Events Directory Software SQL Injection Vulnerabilities Message-ID: <201007062343.o66Nh4Br023246@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed Events Directory Software SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40457 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40457/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40457 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40457/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40457/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40457 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ScriptsFeed Events Directory Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "c" parameter in search.php and to the "id" parameter in articlesdetails.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi and Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 16:55:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 01:55:16 +0200 Subject: [SEC] [SA40474] Orbis CMS "s" Cross-Site Scripting Vulnerability Message-ID: <201007062355.o66NtGEZ011209@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Orbis CMS "s" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40474 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40474/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40474 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40474/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40474/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40474 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Orbis CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "s" parameter to admin/editors/text/editor-body.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/orbis-102-reflected-xss.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 17:10:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 02:10:40 +0200 Subject: [SEC] [SA40444] Drupal Views Module Autocomplete User Information Disclosure Weakness Message-ID: <201007070010.o670Ae1i031739@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Drupal Views Module Autocomplete User Information Disclosure Weakness SECUNIA ADVISORY ID: SA40444 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40444/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40444 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40444/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40444/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40444 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Justin C. Klein Keane has discovered a weakness in the Views module for Drupal, which can be exploited by malicious people to disclose potentially sensitive information. The weakness caused due an error in the "views_ajax_autocomplete_user()" function in modules/views/includes/ajax.inc, which does not properly check for access permissions before querying for usernames. This can be exploited to enumerate valid usernames. The weakness is confirmed in version 6.x-2.11 and also reported in version 5.x-1.8. Other versions may also be affected. SOLUTION: Edit the source code to implement proper access restrictions. PROVIDED AND/OR DISCOVERED BY: Justin C. Klein Keane ORIGINAL ADVISORY: http://www.madirish.net/?article=465 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 17:22:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 02:22:38 +0200 Subject: [SEC] [SA40453] ScriptsFeed General Classifieds Ads Software SQL Injection Vulnerabilities Message-ID: <201007070022.o670McsF019700@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed General Classifieds Ads Software SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40453 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40453/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40453 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40453/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40453/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40453 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ScriptsFeed General Classifieds Ads Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "c" parameter in search.php, the "pcat" parameter in browse.php, and the "id" parameter in articlesdetails.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi and Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 17:43:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 02:43:32 +0200 Subject: [SEC] [SA40482] Lanius CMS Cross-Site Request Forgery Vulnerability Message-ID: <201007070043.o670hWiB008055@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Lanius CMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40482 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40482/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40482 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40482/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40482/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40482 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Lanius CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. add a new administrative user, if a logged-in administrative user visits a malicious web site. The vulnerability is confirmed in version 0.5.2 - r1668. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/lanius-cms-052-r1668-cross-site-request.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 17:55:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 02:55:41 +0200 Subject: [SEC] [SA40505] IRC Services MemoServ Denial of Service and Information Disclosure Message-ID: <201007070055.o670tfbM028427@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: IRC Services MemoServ Denial of Service and Information Disclosure SECUNIA ADVISORY ID: SA40505 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40505/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40505 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40505/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40505/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40505 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in IRC Services, which can be exploited by malicious users to cause a DoS (Denial of Service) and disclose potentially sensitive information. 1) An unspecified error within the handling of the "MemoServ FORWARD" command can be exploited to cause a crash. 2) An unspecified error within the MemoServ service can be exploited to read the memos of other users. Vulnerability #1 has been reported in versions prior to 5.1.22 and vulnerability #2 has been reported in versions prior to 5.1.23. SOLUTION: Update to version 5.1.23. PROVIDED AND/OR DISCOVERED BY: The vendor credits Charalampos Pournaris. ORIGINAL ADVISORY: http://www.ircservices.za.net/Changes.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 18:08:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 03:08:12 +0200 Subject: [SEC] [SA40451] ScriptsFeed Auto Classifieds Software "id" SQL Injection Vulnerabilities Message-ID: <201007070108.o6718CYG016422@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed Auto Classifieds Software "id" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40451 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40451/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40451 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40451/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40451/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40451 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ScriptsFeed Auto Classifieds Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter in articlesdetails.php and info.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi and Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 18:22:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 03:22:56 +0200 Subject: [SEC] [SA40503] Joomla Canteen Component Multiple Vulnerabilities Message-ID: <201007070122.o671Mu0g004493@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Joomla Canteen Component Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40503 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40503/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40503 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40503/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40503/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40503 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has discovered multiple vulnerabilities in the Canteen component for Joomla, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose potentially sensitive information. 1) Input passed via the "mealid" parameter to index.php (when "option" is set to "com_canteen", "view" is set to "menu", "controller" is set to "menu", and "task" is set to "saveOrder", "removeOrder", or "saveFromBursa") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the "controller" parameter in index.php (when "option" is set to "com_canteen") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 18:43:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 03:43:01 +0200 Subject: [SEC] [SA40468] Fedora update for gcc Message-ID: <201007070143.o671h1Jm025215@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for gcc SECUNIA ADVISORY ID: SA40468 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40468/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40468 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40468/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40468/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40468 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gcc. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input validation error when extracting JAR archives. This can be exploited to extract files to arbitrary locations outside the specified directory via directory traversal sequences in the file path. This is related to: SA17839 SOLUTION: Apply updated packages using the yum utility ("yum update gcc"). PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: FEDORA-2010-10415: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043729.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 18:55:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 03:55:39 +0200 Subject: [SEC] [SA40438] RightInPoint Lyrics Script "artist_id" SQL Injection Vulnerability Message-ID: <201007070155.o671tdY0013202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: RightInPoint Lyrics Script "artist_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40438 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40438/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40438 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40438/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40438/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40438 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in RightInPoint Lyrics Script, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "artist_id" parameter to index.php (when "new_a" is set to "addalbum") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages. The vulnerability is reported in version v3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 19:17:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 04:17:08 +0200 Subject: [SEC] [SA40464] Fedora update for bugzilla Message-ID: <201007070217.o672H84Q002037@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for bugzilla SECUNIA ADVISORY ID: SA40464 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40464/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40464 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40464/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40464/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40464 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bugzilla. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information. For more information: SA40300 SOLUTION: Apply updated packages via the yum utility ("yum update bugzilla"). ORIGINAL ADVISORY: FEDORA-2010-10398: https://admin.fedoraproject.org/updates/bugzilla-3.4.7-1.fc12 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 6 19:42:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 04:42:01 +0200 Subject: [SEC] [SA40439] ScriptsFeed Auction Software "id" SQL Injection Vulnerabilities Message-ID: <201007070242.o672g1on023016@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ScriptsFeed Auction Software "id" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA40439 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40439/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40439 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40439/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40439/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40439 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in ScriptsFeed Auction Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter in confirm.php and articlesdetails.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects aKa HaRi and Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 10:27:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 19:27:54 +0200 Subject: [SEC] [SA40436] Fedora update for mediawiki Message-ID: <201007071727.o67HRsRt018001@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for mediawiki SECUNIA ADVISORY ID: SA40436 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40436/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40436 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40436/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40436/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40436 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mediawiki. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. For more information: SA39922 SOLUTION: Apply updated packages via the yum utility ("yum update mediawiki"). ORIGINAL ADVISORY: FEDORA-2010-10848: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043856.html FEDORA-2010-10779: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043803.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 11:28:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 20:28:12 +0200 Subject: [SEC] [SA40447] Sandbox Multiple Vulnerabilities Message-ID: <201007071828.o67ISCG7008132@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Sandbox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40447 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40447/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40447 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40447/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40447/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40447 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Sandbox, which can be exploited by malicious users to disclose sensitive information and upload arbitrary files and by malicious people to conduct SQL injection attacks and bypass security restrictions. 1) Input passed via the "p" parameter to index.php (when "a" is set to "page") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "sandbox_pass" cookie parameter to global.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires "magic_quotes_gpc" to be set to "off" and e.g. allows bypassing the login mechanism. 3) Input passed via the "a" parameter to admin.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. 4) Improper handling of file names with multiple extensions in admin_modules/posts.php and modules/blog.php can be exploited to upload PHP files. The vulnerabilities are confirmed in version 2.0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://www.salvatorefresta.net/files/adv/Sandbox-2.0.3-Multiple-Remote-Vulnerabilities-07072010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 12:27:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 21:27:09 +0200 Subject: [SEC] [SA40473] Xlight FTP Server "SFTP" Directory Traversal Vulnerability Message-ID: <201007071927.o67JR93p030599@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Xlight FTP Server "SFTP" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40473 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40473/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40473 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40473/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40473/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40473 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Accensus Security Group has discovered a vulnerability in Xlight FTP Server, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to the SFTP/SSH2 virtual server not properly verifying input before reading files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. NOTE: The FTP virtual server is not affected by this vulnerability. The vulnerability is confirmed in version 3.5.0. Other versions may also be affected. SOLUTION: Update to version 3.6.0. PROVIDED AND/OR DISCOVERED BY: Accensus Security Group ORIGINAL ADVISORY: Xlight: http://www.xlightftpd.com/whatsnew.htm Accensus Security Group: http://archives.neohapsis.com/archives/bugtraq/2010-07/0034.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 13:27:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 22:27:07 +0200 Subject: [SEC] [SA40442] Ruby "ARGF.inplace_mode" Buffer Overflow Vulnerability Message-ID: <201007072027.o67KR7Tj020717@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ruby "ARGF.inplace_mode" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40442 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40442/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40442 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40442/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40442/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40442 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Ruby, which can be exploited by malicious, local users to bypass certain security restrictions. The weakness is caused due to a boundary error within the filename handling on Windows systems, which can be exploited to cause a buffer overflow by e.g. assigning a specially crafted value to the "ARGF.inplace_mode" variable. The weakness is reported in Ruby 1.9.1 patchlevel 378 on Windows systems. Other versions may also be affected. SOLUTION: Update to version 1.9.1-p429. PROVIDED AND/OR DISCOVERED BY: The vendor credits Masaya TARUI. ORIGINAL ADVISORY: http://www.ruby-lang.org/en/news/2010/07/02/ruby-1-9-1-p429-is-released/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 14:21:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 23:21:21 +0200 Subject: [SEC] [SA40480] Fedora update for avahi Message-ID: <201007072121.o67LLLeB010579@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for avahi SECUNIA ADVISORY ID: SA40480 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40480/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40480 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40480/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40480/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40480 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for avahi. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40470 SOLUTION: Apply updated packages via the yum utility ("yum update avahi"). ORIGINAL ADVISORY: FEDORA-2010-10584: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html FEDORA-2010-10581: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 14:42:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 23:42:02 +0200 Subject: [SEC] [SA40470] Avahi DNS Denial of Service Vulnerability Message-ID: <201007072142.o67Lg2cD031314@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Avahi DNS Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40470 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40470/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40470 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40470/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40470/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40470 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to errors within the "avahi_recv_dns_packet_ipv4()" and "avahi_recv_dns_packet_ipv6()" functions in avahi-core/socket.c, which can be exploited to cause an assertion error and terminate the service by sending a DNS packet with an incorrect checksum immediately followed by a DNS packet with correct checksum. The vulnerabilities are reported in versions prior to 0.6.26. SOLUTION: Update to version 0.6.26. PROVIDED AND/OR DISCOVERED BY: Ludwig Nussel, SUSE ORIGINAL ADVISORY: Avahi: http://avahi.org/milestone/Avahi%200.6.26 Ludwig Nussel: http://www.openwall.com/lists/oss-security/2010/06/23/4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 14:56:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Jul 2010 23:56:12 +0200 Subject: [SEC] [SA40449] Joomla AutarTimonial Component "limit" SQL Injection Vulnerability Message-ID: <201007072156.o67LuCUY019454@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Joomla AutarTimonial Component "limit" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40449 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40449/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40449 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40449/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40449/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40449 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the AutarTimonial component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "limit" parameter to index.php (when "option" is set to "com_autartimonial") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 15:09:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 00:09:28 +0200 Subject: [SEC] [SA40506] Panda Anti-Rootkit RKPavProc.sys IOCTL Handling Privilege Escalation Message-ID: <201007072209.o67M9SKw007480@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Panda Anti-Rootkit RKPavProc.sys IOCTL Handling Privilege Escalation SECUNIA ADVISORY ID: SA40506 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40506/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40506 RELEASE DATE: 2010-07-07 DISCUSS ADVISORY: http://secunia.com/advisories/40506/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40506/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40506 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Panda Anti-Rootkit, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. The vulnerabilities are caused due to errors within the RKPavProc.sys kernel driver when processing certain IOCTLs. For more information: SA40462 SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: NT Internals ORIGINAL ADVISORY: NT Internals NTIADV0905: http://www.ntinternals.org/ntiadv0905/ntiadv0905.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 15:22:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 00:22:13 +0200 Subject: [SEC] [SA40489] Suse update for java-1_5_0-ibm Message-ID: <201007072222.o67MMDPk027850@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Suse update for java-1_5_0-ibm SECUNIA ADVISORY ID: SA40489 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40489/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40489 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40489/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40489/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40489 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_5_0-ibm. This fixes multiple vulnerabilities, where some have an unknown impact and others can potentially be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA37291 SA39477 SA40057 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2010:028: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 15:43:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 00:43:29 +0200 Subject: [SEC] [SA40462] Panda Products RKPavProc.sys IOCTL Handling Privilege Escalation Message-ID: <201007072243.o67MhTYW016212@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Panda Products RKPavProc.sys IOCTL Handling Privilege Escalation SECUNIA ADVISORY ID: SA40462 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40462/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40462 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40462/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40462/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40462 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in various Panda products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. 1) An error within the RKPavProc.sys kernel driver when processing specially crafted IOCTLs can be exploited to dereference process objects (e.g. RKPavProc.sys version 1.0.5.0) or cause a NULL pointer dereference (e.g. RKPavProc.sys version 1.0.8.0). 2) An error within the RKPavProc.sys kernel driver when processing specially crafted IOCTLs can be exploited to cause a stack-based buffer overflow and execute arbitrary code in kernel space. SOLUTION: Apply hotfixes: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: NT Internals ORIGINAL ADVISORY: Panda: http://www.pandasecurity.com/homeusers/support/card?id=80184&idIdioma=2 NT Internals NTIADV0905: http://www.ntinternals.org/ntiadv0905/ntiadv0905.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 15:55:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 00:55:56 +0200 Subject: [SEC] [SA40477] Fedora update for mediawiki Message-ID: <201007072255.o67MtuFt004178@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for mediawiki SECUNIA ADVISORY ID: SA40477 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40477/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40477 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40477/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40477/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40477 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mediawiki. This fixes a vulnerability and a security issue, which can be exploited by malicious users to disclose sensitive information and bypass certain security restrictions. For more information: SA38856 SOLUTION: Apply updated packages via the yum utility ("yum update mediawiki"). ORIGINAL ADVISORY: FEDORA-2010-6335: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043799.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 16:09:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 01:09:12 +0200 Subject: [SEC] [SA40488] Fedora update for rpm Message-ID: <201007072309.o67N9CtL024604@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for rpm SECUNIA ADVISORY ID: SA40488 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40488/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40488 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40488/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40488/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40488 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for rpm. This fixes some weaknesses, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA40028 SOLUTION: Apply updated packages via the yum utility ("yum update rpm"). ORIGINAL ADVISORY: FEDORA-2010-10617: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043749.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 16:22:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 01:22:42 +0200 Subject: [SEC] [SA40466] Unreal Engine "UGameEngine::UpdateConnectingMessage()" Buffer Overflow Message-ID: <201007072322.o67NMg7p012632@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Unreal Engine "UGameEngine::UpdateConnectingMessage()" Buffer Overflow SECUNIA ADVISORY ID: SA40466 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40466/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40466 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40466/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40466/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40466 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in the Unreal Engine, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "UGameEngine::UpdateConnectingMessage()" function, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into connecting to a malicious server. Successful exploitation requires that downloads are enabled (default). The vulnerability is reported in the following games: * Unreal Tournament 2003 * Unreal Tournament 2004 * Postal 2 * Rainbow Six: Raven Shield * SWAT4 SOLUTION: Do not connect to untrusted servers. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/unrealcbof-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 16:43:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 01:43:27 +0200 Subject: [SEC] [SA40372] Ubuntu update for thunderbird Message-ID: <201007072343.o67NhRat000901@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA40372 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40372/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40372 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40372/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40372/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40372 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA39175 SA40309 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-943-1: http://www.ubuntu.com/usn/usn-943-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Jul 7 16:54:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 01:54:13 +0200 Subject: [SEC] [SA40478] Fedora update for mingw32-libtiff Message-ID: <201007072354.o67NsDUu021243@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for mingw32-libtiff SECUNIA ADVISORY ID: SA40478 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40478/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40478 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40478/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40478/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40478 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mingw32-libtiff. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library. For more information see vulnerability #1 in: SA40181 SOLUTION: Apply updated packages via the yum utility ("yum update mingw32-libtiff"). ORIGINAL ADVISORY: FEDORA-2010-10460: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043769.html FEDORA-2010-10469: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043835.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 10:27:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 19:27:18 +0200 Subject: [SEC] [SA40472] Ubuntu update for libpng Message-ID: <201007081727.o68HRITu017781@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for libpng SECUNIA ADVISORY ID: SA40472 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40472/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40472 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40472/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40472/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40472 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libpng. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40302 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-960-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-July/001118.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 11:27:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 20:27:15 +0200 Subject: [SEC] [SA40467] Podcast Generator "filename" Directory Traversal Vulnerability Message-ID: <201007081827.o68IRFHl007910@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Podcast Generator "filename" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA40467 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40467/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40467 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40467/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40467/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40467 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: BlackHawk has discovered a vulnerability in Podcast Generator, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "filename" parameter in download.php is not properly verified before being used to download files. This can be exploited to download arbitrary files via directory traversal attacks. Successful exploitation may require that the script is running on a Windows host. The vulnerability is confirmed in version 1.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: BlackHawk ORIGINAL ADVISORY: http://www.scribd.com/doc/28080332/Podcast-Generator-1-3-Arbitrary-File-Download-Windows OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 12:27:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 21:27:14 +0200 Subject: [SEC] [SA40487] SUSE update for acroread Message-ID: <201007081927.o68JREXg030415@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for acroread SECUNIA ADVISORY ID: SA40487 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40487/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40487 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40487/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40487/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40487 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA40034 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:029: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 13:27:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 22:27:19 +0200 Subject: [SEC] [SA40492] Sijio Multiple Script Insertion Vulnerabilities Message-ID: <201007082027.o68KRJ9T020541@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Sijio Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA40492 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40492/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40492 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40492/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40492/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40492 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Sijio, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "title" POST parameter while adding or editing a blog and while adding or editing an album is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects and an anonymous person. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 14:21:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 23:21:31 +0200 Subject: [SEC] [SA40516] Pligg "username" SQL Injection Vulnerability Message-ID: <201007082121.o68LLV8B010411@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Pligg "username" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40516 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40516/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40516 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40516/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40516/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40516 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Pligg, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "username" parameter in login.php (when "processlogin" is set to "4") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: James Bercegay, GulfTech Security Research Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 14:43:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Jul 2010 23:43:43 +0200 Subject: [SEC] [SA40445] IBM BladeCenter Advanced Management Module Multiple Vulnerabilities Message-ID: <201007082143.o68Lhhsq031237@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: IBM BladeCenter Advanced Management Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40445 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40445/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40445 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40445/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40445/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40445 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in IBM BladeCenter Advanced Management Module, which can be exploited by malicious users to disclose sensitive information and by malicious people to conduct cross-site scripting attacks or disclose potentially sensitive information. 1) Input passed via various parameters to multiple scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Examples: http://[host]/private/cindefn.php?INDEX=[code]&VLANID=&IPADDR=[code] http://[host]/private/power_management_policy_options.php?domain=3[code] http://[host]/private/pm_temp.php?view=6&mod_type=3&slot=3[code] http://[host]/private/power_module.php?view=4&mod_type=4&slot=3[code] http://[host]/private/pm_temp.php?view=6&mod_type=3&slot=3[code] http://[host]/private/blade_leds.php?WEBINDEX=3[code] http://[host]/private/ipmi_bladestatus.php?SLOT=3[code]&save=1 2) Input passed via the "DIR" parameter to private/file_management.php is not properly verified before being used. This can be exploited to disclose the content of arbitrary files on the local file system via directory traversal attacks. Successful exploitation of this vulnerability requires authentication. 3) Access to certain data is not properly restricted and can be exploited to disclose potentially sensitive information via direct HTTP requests (e.g. to "private/sdc.tgz"). The vulnerabilities are reported in firmware version BPET48L. Other versions may also be affected. SOLUTION: Reportedly fixed in versions 4.7 and 5.0. PROVIDED AND/OR DISCOVERED BY: Alexey Sintsov, Digital Security Research Group. ORIGINAL ADVISORY: DSECRG-09-054: http://dsecrg.com/pages/vul/show.php?id=154 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 15:09:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 00:09:13 +0200 Subject: [SEC] [SA40407] Cisco Industrial Ethernet 3000 Hardcoded SNMP Community Names Message-ID: <201007082209.o68M9DGT019894@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Cisco Industrial Ethernet 3000 Hardcoded SNMP Community Names SECUNIA ADVISORY ID: SA40407 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40407/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40407 RELEASE DATE: 2010-07-08 DISCUSS ADVISORY: http://secunia.com/advisories/40407/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40407/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40407 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cisco Industrial Ethernet 3000, which can be exploited by malicious people to potentially compromise a vulnerable device. The security issue is caused due to the restoring of hardcoded read-write SNMP community names to the running configuration after a device reload. This can be exploited to e.g. gain full control of the device. Successful exploitation requires that the SNMP service is enabled (disabled by default). The security issue is reported in Cisco IOS Software release 12.2(52)SE and 12.2(52)SE1. SOLUTION: Update to Cisco IOS 12.2(55)SE which is scheduled to be available August 2010. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 15:22:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 00:22:31 +0200 Subject: [SEC] [SA40465] Ghost Recon Advanced Warfighter Two Vulnerabilities Message-ID: <201007082222.o68MMV45007915@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ghost Recon Advanced Warfighter Two Vulnerabilities SECUNIA ADVISORY ID: SA40465 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40465/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40465 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40465/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40465/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40465 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported two vulnerabilities in Ghost Recon Advanced Warfighter, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A signedness error in the processing of network packets can be exploited to cause a crash by sending a specially crafted packet to port 16250/UDP. 2) An array indexing error in the processing of network packets can be exploited to cause a crash by sending a specially crafted packet to port 16250/UDP. The vulnerabilities are reported in Ghost Recon Advanced Warfighter version 1.35 and Ghost Recon Advanced Warfighter 2 version 1.05. Other versions may also be affected. SOLUTION: Restrict network access to trusted players only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/grawful-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 15:43:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 00:43:48 +0200 Subject: [SEC] [SA40512] Ubuntu update for pam Message-ID: <201007082243.o68MhmU7028679@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ubuntu update for pam SECUNIA ADVISORY ID: SA40512 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40512/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40512 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40512/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40512/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40512 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has acknowledged a security issue in pam, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the PAM MOTD module creating user file stamps in an insecure manner, which can be exploited to e.g. gain root privileges via symlink attacks. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Denis Excoffier. ORIGINAL ADVISORY: USN-959-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-July/001117.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 16:09:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 01:09:39 +0200 Subject: [SEC] [SA40469] Drupal MultiSafepay Integration Module Cross-Site Request Forgery Vulnerability Message-ID: <201007082309.o68N9diT017280@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Drupal MultiSafepay Integration Module Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40469 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40469/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40469 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40469/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40469/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40469 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the MultiSafepay Integration module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. alter the status of orders by tricking a logged in user into visiting a malicious web site. The vulnerability is reported in versions prior to 6.x-1.1. SOLUTION: Update to version 6.x-1.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Peter Wolanin of the Drupal security team. ORIGINAL ADVISORY: SA-CONTRIB-2010-071: http://drupal.org/node/847460 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 16:24:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 01:24:58 +0200 Subject: [SEC] [SA40510] Fedora update for python-mako Message-ID: <201007082324.o68NOwbU005373@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for python-mako SECUNIA ADVISORY ID: SA40510 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40510/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40510 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40510/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40510/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40510 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for python-mako. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks or script insertion attacks. For more information: SA39935 SOLUTION: Apply updated packages via the yum utility ("yum update python-mako"). ORIGINAL ADVISORY: FEDORA-2010-10540: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043892.html FEDORA-2010-10544: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043867.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Jul 8 16:45:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 01:45:31 +0200 Subject: [SEC] [SA40440] Drupal Hierarchical Select Module Script Insertion Vulnerability Message-ID: <201007082345.o68NjVCa026120@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Drupal Hierarchical Select Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40440 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40440/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40440 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40440/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40440/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40440 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Hierarchical Select module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer taxonomy" permissions. The vulnerability is reported in versions prior to 6.x-3.2 and 5.x-3.2. SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Jingxiang Rao and Sam Oldak. ORIGINAL ADVISORY: SA-CONTRIB-2010-072: http://drupal.org/node/847488 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 10:29:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 19:29:25 +0200 Subject: [SEC] [SA40536] Red Hat update for libtiff Message-ID: <201007091729.o69HTPj2029656@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for libtiff SECUNIA ADVISORY ID: SA40536 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40536/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40536 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40536/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40536/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40536 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40181 1) An input validation error when processing certain TIFF images can be exploited to cause a crash. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. ORIGINAL ADVISORY: RHSA-2010-0520: https://rhn.redhat.com/errata/RHSA-2010-0520.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 11:29:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 20:29:27 +0200 Subject: [SEC] [SA40533] Fedora update for kernel Message-ID: <201007091829.o69ITRq1019774@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA40533 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40533/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40533 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40533/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40533/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40533 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes a vulnerability and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges. 1) An error in the within the "ethtool_get_rxnfc()" function can be exploited by malicious local users to cause a kernel crash or potentially gain escalated privileges. For more information: SA40205 2) An error in btrfs allows local users to set ACLs for arbitrary files. SOLUTION: Apply updated packages via the yum utility ("yum update kernel"). PROVIDED AND/OR DISCOVERED BY: 2) Shi Weihua ORIGINAL ADVISORY: FEDORA-2010-10876: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043944.html 2) http://lkml.org/lkml/2010/5/17/544 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 12:29:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 21:29:24 +0200 Subject: [SEC] [SA40481] SUSE update for MozillaFirefox and mozilla-xulrunner191 Message-ID: <201007091929.o69JTOFA009882@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox and mozilla-xulrunner191 SECUNIA ADVISORY ID: SA40481 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40481/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40481 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40481/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40481/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40481 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox and mozilla-xulrunner191. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. For more information: SA39175 SA40309 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:030: http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 13:29:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 22:29:15 +0200 Subject: [SEC] [SA40502] osCSS "page" Cross-Site Scripting Vulnerability Message-ID: <201007092029.o69KTFC1032393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: osCSS "page" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40502 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40502/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40502 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40502/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40502/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40502 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in osCSS, which can be exploited by malicious people to conduct cross-site scripting attacks. An error in the admin/currencies.php script can be exploited to conduct cross-site scripting attacks. For more information see vulnerability #1 in: SA22275 The vulnerability is confirmed in version 1.2.2 RC a. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Originally reported in osCommerce by Lostmon. Additional information about osCss provided by High-Tech Bridge SA. ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_oscss.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 14:22:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 23:22:52 +0200 Subject: [SEC] [SA40529] LISTSERV "T" Cross-Site Scripting Vulnerability Message-ID: <201007092122.o69LMq3R022207@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: LISTSERV "T" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40529 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40529/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40529 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40529/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40529/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40529 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ram Sripracha has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "T" parameter to wa.exe is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 15 and confirmed in version 16.0. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Ram Sripracha OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 14:46:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Jul 2010 23:46:39 +0200 Subject: [SEC] [SA40531] Fedora update for w3m Message-ID: <201007092146.o69LkdBM010708@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for w3m SECUNIA ADVISORY ID: SA40531 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40531/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40531 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40531/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40531/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40531 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for w3m. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA40134 SOLUTION: Apply updated packages using the yum utility ("yum update w3m"). ORIGINAL ADVISORY: FEDORA-2010-10250: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043956.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 15:10:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Jul 2010 00:10:07 +0200 Subject: [SEC] [SA40490] b2evolution Cross-Site Request Forgery Vulnerability Message-ID: <201007092210.o69MA7pR031681@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: b2evolution Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40490 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40490/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40490 RELEASE DATE: 2010-07-09 DISCUSS ADVISORY: http://secunia.com/advisories/40490/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40490/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40490 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in b2evolutioin, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator's password by tricking a logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 3.3.3-stable. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: saudi0hacker OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Jul 9 15:23:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Jul 2010 00:23:13 +0200 Subject: [SEC] [SA40527] Red Hat update for libtiff Message-ID: <201007092223.o69MNDpC019677@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Red Hat update for libtiff SECUNIA ADVISORY ID: SA40527 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40527/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40527 RELEASE DATE: 2010-07-10 DISCUSS ADVISORY: http://secunia.com/advisories/40527/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40527/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40527 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libtiff. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA40181 SA40241 SA40422 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0519-1: https://rhn.redhat.com/errata/RHSA-2010-0519.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 10:27:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Jul 2010 19:27:57 +0200 Subject: [SEC] [SA40526] TheHostingTool Cross-Site Request Forgery Vulnerability Message-ID: <201007121727.o6CHRvgQ026973@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: TheHostingTool Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40526 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40526/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40526 RELEASE DATE: 2010-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/40526/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40526/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40526 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TheHostingTool, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete defined servers managed by the application if a logged-in administrative user visits a malicious web site. The vulnerability is confirmed in version 1.2.2. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: 10n1z3d OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 11:27:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Jul 2010 20:27:27 +0200 Subject: [SEC] [SA40537] InterPhoto Gallery Cross-Site Request Forgery Vulnerability Message-ID: <201007121827.o6CIRR9G017086@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: InterPhoto Gallery Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40537 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40537/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40537 RELEASE DATE: 2010-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/40537/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40537/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40537 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in InterPhoto Gallery, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests, without performing any validity checks to verify the requests. This can be exploited to e.g. change a user's password in the user section or add an administrative user in the admin section if a logged-in user visits a specially crafted web site. The vulnerability is confirmed in version 2.4.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that HTTP requests are properly verified. Do not browse untrusted web sites or follow links from untrusted sources while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Reported to Secunia by Russ McRee. Independently discovered by John Leitch. ORIGINAL ADVISORY: John Leitch: http://cross-site-scripting.blogspot.com/2010/07/interphoto-230-cross-site-request.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 12:27:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Jul 2010 21:27:19 +0200 Subject: [SEC] [SA40475] GNU gv Two Security Issues Message-ID: <201007121927.o6CJRJQG007207@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: GNU gv Two Security Issues SECUNIA ADVISORY ID: SA40475 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40475/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40475 RELEASE DATE: 2010-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/40475/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40475/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40475 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two security issues have been reported in GNU gv, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a vulnerable system. 1) An error in the handling of temporary files when processing PDF files can be exploited to overwrite arbitrary files via symlink attacks. 2) An error exists due to the application invoking "gs" without the "-P-" command line option, which can be exploited to execute arbitrary postscript commands if a user is tricked into opening a specially crafted file in an attacker controlled directory. SOLUTION: Update to version 3.7.0. ORIGINAL ADVISORY: http://savannah.gnu.org/forum/forum.php?forum_id=6368 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 13:27:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Jul 2010 22:27:17 +0200 Subject: [SEC] [SA40452] Ghostscript "-P-" Command Line Option Security Issue Message-ID: <201007122027.o6CKRHcC029740@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Ghostscript "-P-" Command Line Option Security Issue SECUNIA ADVISORY ID: SA40452 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40452/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40452 RELEASE DATE: 2010-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/40452/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40452/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40452 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in Ghostscript, which can potentially be exploited by malicious people to bypass certain security restrictions and compromise a user's system. The security issue is caused due to the application reading certain postscript files in the current working directory although the "-P-" command line option is set. This can be exploited to execute arbitrary postscript commands e.g. via the "gs_init.ps" file, if a user is tricked into opening a file using the "-P-" option in an attacker controlled directory. The security issue is confirmed in version 8.71. Other versions may also be affected. SOLUTION: Fixed in the subversion repository. PROVIDED AND/OR DISCOVERED BY: Christopher Yeleighton. Additional information by Paul Szabo. ORIGINAL ADVISORY: https://bugzilla.novell.com/show_bug.cgi?id=608071 http://bugs.ghostscript.com/show_bug.cgi?id=691350 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 14:21:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Jul 2010 23:21:04 +0200 Subject: [SEC] [SA40535] Joomla redSHOP Component "pid" SQL Injection Vulnerability Message-ID: <201007122121.o6CLL4oR019590@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Joomla redSHOP Component "pid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA40535 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40535/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40535 RELEASE DATE: 2010-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/40535/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40535/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40535 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the redSHOP component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "pid" parameter to index.php (when "option" is set to "com_redshop" and "view" is set to "product") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0 RC1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: v3n0m OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 14:42:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Jul 2010 23:42:10 +0200 Subject: [SEC] [SA40523] Debian update for znc Message-ID: <201007122142.o6CLgAKI007963@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for znc SECUNIA ADVISORY ID: SA40523 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40523/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40523 RELEASE DATE: 2010-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/40523/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40523/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40523 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for znc. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service) The weakness is caused due to a NULL pointer dereference when processing traffic statistics while an unauthenticated connection exists. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2069-1: http://lists.debian.org/debian-security-announce/2010/msg00114.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 14:58:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Jul 2010 23:58:33 +0200 Subject: [SEC] [SA40538] Joomla Rapid Recipe Component Multiple Script Insertion Vulnerabilities Message-ID: <201007122158.o6CLwXHb028519@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Joomla Rapid Recipe Component Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA40538 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40538/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40538 RELEASE DATE: 2010-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/40538/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40538/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40538 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in the Rapid Recipe component for Joomla, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "introtext", "ingredients", "steps", and "recipecomment" parameters to index.php (when "option" is set to "com_rapidrecipe" and "page" is set to "submitrecipe") when adding a recipe is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 1.7.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 15:24:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 00:24:47 +0200 Subject: [SEC] [SA40521] RunCms "url" Cross-Site Scripting Vulnerability Message-ID: <201007122224.o6CMOlKa017233@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: RunCms "url" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40521 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40521/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40521 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40521/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40521/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40521 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in RunCms, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "url" parameter in modules/headlines/magpierss/scripts/magpie_debug.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the "Headlines" module is enabled (disabled by default). The vulnerability is confirmed in version 2.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/runcms-21-magpie-rss-module-reflected.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 15:45:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 00:45:46 +0200 Subject: [SEC] [SA40543] Image22 ActiveX Control "DrawIcon()" Buffer Overflow Vulnerability Message-ID: <201007122245.o6CMjkJb005601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Image22 ActiveX Control "DrawIcon()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA40543 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40543/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40543 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40543/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40543/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40543 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Image22 ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the handling of the "DrawIcon()" method when processing the file extension argument and can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.1.1.0. Other versions may also be affected. SOLUTION: Set the kill-bit for the ActiveX control. PROVIDED AND/OR DISCOVERED BY: Blake ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/14321 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 16:11:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 01:11:48 +0200 Subject: [SEC] [SA40514] LifeType Cross-Site Request Forgery Vulnerability Message-ID: <201007122311.o6CNBmth026595@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: LifeType Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40514 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40514/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40514 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40514/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40514/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40514 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in LifeType, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking a logged in administrator into visiting a malicious website. The vulnerability is confirmed in version 1.2.10. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/lifetype-1210-cross-site-request.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 16:44:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 01:44:26 +0200 Subject: [SEC] [SA40515] CSSTidy "url" Cross-Site Scripting Vulnerability Message-ID: <201007122344.o6CNiQKB015484@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: CSSTidy "url" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40515 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40515/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40515 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40515/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40515/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40515 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CSSTidy, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "url" parameter in css_optimiser.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/impresscms-121-final-reflected-cross.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 17:11:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 02:11:31 +0200 Subject: [SEC] [SA40570] CMS Made Simple Download Manager Module Arbitrary File Upload Message-ID: <201007130011.o6D0BVUG004134@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: CMS Made Simple Download Manager Module Arbitrary File Upload SECUNIA ADVISORY ID: SA40570 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40570/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40570 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40570/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40570/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40570 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in the Download Manager module for CMS Made Simple, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the modules/DownloadManager/lib/simple-upload/example.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code. The vulnerability is confirmed in version 1.4.1. Other versions may also be affected. SOLUTION: Restrict access to the "modules/DownloadManager/lib/simple-upload/example.php" script (e.g. via .htaccess) PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/cms-made-simple-18-download-manager-141.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 17:45:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 02:45:05 +0200 Subject: [SEC] [SA40532] Fedora update for gv Message-ID: <201007130045.o6D0j5uJ025481@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Fedora update for gv SECUNIA ADVISORY ID: SA40532 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40532/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40532 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40532/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40532/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40532 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gv. This fixes two security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to potentially compromise a vulnerable system. For more information: SA40475 SOLUTION: Apply updated packages via the yum utility ("yum update gv"). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: FEDORA-2010-10660: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043913.html FEDORA-2010-10642: http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043948.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 18:09:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 03:09:21 +0200 Subject: [SEC] [SA40569] FireStats Information Disclosure and Cross-Site Scripting Vulnerabilities Message-ID: <201007130109.o6D19LjR014010@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: FireStats Information Disclosure and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA40569 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40569/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40569 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40569/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40569/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40569 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Jelmer de Hen has discovered a weakness and some vulnerabilities in FireStats, which can be exploited by malicious people to disclose certain system information and conduct cross-site scripting attacks. 1) The application does not properly restrict access to the firestats/php/page-tools.php script. This can be exploited to e.g. disclose the system's MySQL and PHP version. 2) Input passed to the "site_id" parameter in firestats/php/window-new-edit-site.php and to the "edit" parameter in firestats/php/window-add-excluded-ip.php and firestats/php/window-add-excluded-url.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of the vulnerabilities may require that the application is installed as WordPress plugin. The weakness and the vulnerabilities are confirmed in version 1.6.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to trusted users only (e.g. via ".htaccess"). PROVIDED AND/OR DISCOVERED BY: Jelmer de Hen ORIGINAL ADVISORY: http://h.ackack.net/more-0day-wordpress-security-leaks-in-firestats.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 18:23:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 03:23:12 +0200 Subject: [SEC] [SA40548] FireStats "fs_javascript" Cross-Site Scripting Vulnerability Message-ID: <201007130123.o6D1NCdd001990@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: FireStats "fs_javascript" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40548 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40548/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40548 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40548/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40548/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40548 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Jelmer de Hen has reported a vulnerability in FireStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "fs_javascript" parameter through wp-admin/index.php (when used as WordPress plugin) to firestats-wordpress.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.6.5. SOLUTION: Update to version 1.6.5. PROVIDED AND/OR DISCOVERED BY: Jelmer de Hen ORIGINAL ADVISORY: Jelmer de Hen: http://h.ackack.net/0day-wordpress-xss-in-firestats-plugin.html FireStats bug #1357: http://firestats.cc/ticket/1357 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 18:43:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 03:43:55 +0200 Subject: [SEC] [SA40437] Zend Studio Function Description Script Insertion Vulnerability Message-ID: <201007130143.o6D1htBa022809@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Zend Studio Function Description Script Insertion Vulnerability SECUNIA ADVISORY ID: SA40437 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40437/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40437 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40437/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40437/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40437 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: saiy1986 has discovered a vulnerability in Zend Studio, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising function descriptions before displaying them in a tooltip dialog. This can be exploited to execute script code and e.g. launch local applications by tricking a user into opening a specially crafted PHP file and displaying a malicious function description via the tooltip. The vulnerability is confirmed in version 7.2.0 on a Windows system. Other versions may also be affected. SOLUTION: Do not browse untrusted PHP files. PROVIDED AND/OR DISCOVERED BY: saiy1986 ORIGINAL ADVISORY: http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 19:12:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 04:12:06 +0200 Subject: [SEC] [SA40500] Debian update for python-cjson Message-ID: <201007130212.o6D2C692011979@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Debian update for python-cjson SECUNIA ADVISORY ID: SA40500 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40500/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40500 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40500/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40500/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40500 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for python-cjson. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40335 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2068-1: http://lists.debian.org/debian-security-announce/2010/msg00113.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Jul 12 19:42:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 04:42:10 +0200 Subject: [SEC] [SA40522] ImpressCMS CSSTidy Cross-Site Scripting Vulnerability Message-ID: <201007130242.o6D2gAxY000699@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: ImpressCMS CSSTidy Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA40522 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40522/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40522 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40522/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40522/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40522 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered a vulnerability in ImpressCMS, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability exists in the bundled version of CSSTidy. For more information: SA40515 The vulnerability is confirmed in version 1.2.1 Final. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/07/impresscms-121-final-reflected-cross.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Jul 13 10:27:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Jul 2010 19:27:06 +0200 Subject: [SEC] [SA40562] Diferior CMS Cross-Site Request Forgery Vulnerability Message-ID: <201007131727.o6DHR6jr028088@CRON-IX-2.intnet> ---------------------------------------------------------------------- Passionate about writing secure code? http://secunia.com/company/jobs/open_positions/talented_programmer Read this if your favourite tool is a disassembler http://secunia.com/company/jobs/open_positions/reverse_engineer ---------------------------------------------------------------------- TITLE: Diferior CMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA40562 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40562/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40562 RELEASE DATE: 2010-07-13 DISCUSS ADVISORY: http://secunia.com/advisories/40562/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40562/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40562 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Diferior CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrative password, ban a user, or logoff a user by tricking an administrative user into visiting a malicious web site. The vulnerability is confirmed in version 8.03. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: 10n1z3d OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---