From sec-adv at secunia.com Mon May 3 10:26:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 3 May 2010 19:26:41 +0200 Subject: [SEC] [SA39683] Geeklog Forum Cross-Site Scripting Vulnerability Message-ID: <201005031726.o43HQfTT009221@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Geeklog Forum Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39683 VERIFY ADVISORY: http://secunia.com/advisories/39683/ DESCRIPTION: A vulnerability has been reported in Geeklog Forum, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via anonymous usernames to createtopic.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that posting for anonymous users is enabled. The vulnerability is reported in versions prior to 2.7.3. SOLUTION: Update to version 2.7.3. http://www.geeklog.net/filemgmt/index.php?id=1001 PROVIDED AND/OR DISCOVERED BY: The vendor credits Jaloh Smith. ORIGINAL ADVISORY: http://www.geeklog.net/article.php/forum-2.7.3 http://www.geeklog.net/filemgmt/index.php?id=1001 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 11:26:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 3 May 2010 20:26:36 +0200 Subject: [SEC] [SA39684] Password Manager Daemon "key_file" Parameter Security Issue Message-ID: <201005031826.o43IQaoX031510@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Password Manager Daemon "key_file" Parameter Security Issue SECUNIA ADVISORY ID: SA39684 VERIFY ADVISORY: http://secunia.com/advisories/39684/ DESCRIPTION: A security issue has been reported in Password Manager Daemon (pwmd), which can lead to insecure configurations. The security issue is caused due to the application reading data from the specified "key_file" as ASCII, although users may use binary data in the file. This can lead to a weaker key being used if e.g. NULL bytes or newline characters are included in the binary data. SOLUTION: Update to version 2.14, which documents the behaviour and alerts users in case of truncated key data. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://benkibbey.wordpress.com/2010/05/01/pwmd-2-14/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 12:26:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 3 May 2010 21:26:37 +0200 Subject: [SEC] [SA39687] openMairie openCimetiere File Inclusion Vulnerabilities Message-ID: <201005031926.o43JQbnU021419@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: openMairie openCimetiere File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA39687 VERIFY ADVISORY: http://secunia.com/advisories/39687/ DESCRIPTION: Some vulnerabilities have been discovered in openMairie openCimetiere, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "path_om" parameter in obj/autorisation.class.php, obj/courrierautorisation.class.php, obj/droit.class.php, obj/profil.class.php, temp_defunt_sansemplacement.class.php, obj/cimetiere.class.php, obj/defunt.class.php, obj/emplacement.class.php, obj/tab_emplacement.class.php, obj/temp_emplacement.class.php, obj/voie.class.php, obj/collectivite.class.php, obj/defunttransfert.class.php, obj/entreprise.class.php, obj/temp_autorisation.class.php, obj/travaux.class.php, obj/zone.class.php, obj/courrier.class.php, obj/dossier.class.php, obj/plans.class.php, obj/temp_defunt.class.php, and obj/utilisateur.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. Successful exploitation requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 2.01. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: cr4wl3r ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 13:26:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 3 May 2010 22:26:39 +0200 Subject: [SEC] [SA39688] openMairie openCatalogue "dsn[phptype]" Local File Inclusion Vulnerability Message-ID: <201005032026.o43KQd2B011330@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: openMairie openCatalogue "dsn[phptype]" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA39688 VERIFY ADVISORY: http://secunia.com/advisories/39688/ DESCRIPTION: A vulnerability has been discovered in openMairie openCatalogue, which can be exploited by malicious people to disclose sensitive information. For more information see vulnerability #1 in: SA39389 The vulnerability is confirmed in version 1.024. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: cr4wl3r OTHER REFERENCES: SA39389: http://secunia.com/advisories/39389/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 14:20:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 3 May 2010 23:20:38 +0200 Subject: [SEC] [SA39664] Fedora update for opendchub Message-ID: <201005032120.o43LKc0i001010@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Fedora update for opendchub SECUNIA ADVISORY ID: SA39664 VERIFY ADVISORY: http://secunia.com/advisories/39664/ DESCRIPTION: Fedora has issued an update for opendchub. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA39199 SOLUTION: Apply updated packages using the yum utility ("yum update opendchub"). ORIGINAL ADVISORY: FEDORA-2010-6426: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040421.html FEDORA-2010-6415: http://lists.fedoraproject.org/pipermail/package-announce/2010-April/040380.html OTHER REFERENCES: SA39199: http://secunia.com/advisories/39199/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 14:41:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 3 May 2010 23:41:26 +0200 Subject: [SEC] [SA39679] Debian update for squidguard Message-ID: <201005032141.o43LfQFN021596@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Debian update for squidguard SECUNIA ADVISORY ID: SA39679 VERIFY ADVISORY: http://secunia.com/advisories/39679/ DESCRIPTION: Debian has issued an update for squidguard. This fixes some security issues, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA37107 SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1.diff.gz Size/MD5 checksum: 96388 07777686b02bc2cee2af916b5bbcb6cf http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0.orig.tar.gz Size/MD5 checksum: 1852659 f7044a2151827a2070e4c2be82b944b0 http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1.dsc Size/MD5 checksum: 1064 72e5eea602be70def18b97ce364ee3bb alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_alpha.deb Size/MD5 checksum: 144380 fad02a30f87a187d7ff4d155d12544c4 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_amd64.deb Size/MD5 checksum: 140890 b38e94f8a1b380d4ae40255896cd5332 arm architecture (ARM) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_arm.deb Size/MD5 checksum: 138620 77992d03a14fe075bf1c8e739498497d armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_armel.deb Size/MD5 checksum: 137416 9b2568cc9566ba6b50592e21306f1d88 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_hppa.deb Size/MD5 checksum: 141646 eb2dcf7aaf9336236a9c3d3275600bfb i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_i386.deb Size/MD5 checksum: 136670 50b26027612e70912d15cbae5123b5c8 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_ia64.deb Size/MD5 checksum: 152770 3e3b4404993efb1c5167119d2edf1fa9 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_mips.deb Size/MD5 checksum: 142754 3baf8a5cccba3817a5a0214362ea988c mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_mipsel.deb Size/MD5 checksum: 141380 e2ed223a4d502ae0b9145cc6b5e680ed powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_powerpc.deb Size/MD5 checksum: 141494 e887ab8682e8ba9abf3c0cb09b9cb8ee s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_s390.deb Size/MD5 checksum: 140986 feb748e58cb638dd8a8212d7fd17ee93 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/s/squidguard/squidguard_1.2.0-8.4+lenny1_sparc.deb Size/MD5 checksum: 138004 3ff93f8b43a07864692086ceb2af077d ORIGINAL ADVISORY: DSA-2040-1: http://lists.debian.org/debian-security-announce/2010/msg00081.html OTHER REFERENCES: SA37107: http://secunia.com/advisories/37107/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 14:53:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 3 May 2010 23:53:35 +0200 Subject: [SEC] [SA39580] Campsite "article_id" SQL Injection Vulnerability Message-ID: <201005032153.o43LrZC0009357@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Campsite "article_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA39580 VERIFY ADVISORY: http://secunia.com/advisories/39580/ DESCRIPTION: Stefan Esser has reported a vulnerability in Campsite, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "article_id" parameter to javascript/tinymce/plugins/campsiteattachment/attachments.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions 3.2 through 3.3.5. Other versions may also be affected. SOLUTION: Apply patch. http://www.campware.org/en/camp/campsite_news/832/ PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: MOPS-2010-002: http://php-security.org/2010/05/01/mops-2010-002-campsite-tinymce-article-attachment-sql-injection-vulnerability/index.html Campsite: http://www.campware.org/en/camp/campsite_news/832/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 15:06:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 00:06:55 +0200 Subject: [SEC] [SA39686] LXR Cross Referencer Cross-Site Scripting Vulnerability Message-ID: <201005032206.o43M6tr3029548@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: LXR Cross Referencer Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39686 VERIFY ADVISORY: http://secunia.com/advisories/39686/ DESCRIPTION: A vulnerability has been reported in LXR Cross Referencer, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the title string is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 0.9.8. SOLUTION: Update to version 0.9.8. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://lxr.cvs.sourceforge.net/viewvc/lxr/lxr/lib/LXR/Common.pm?view=log#rev1.64 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 15:20:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 00:20:47 +0200 Subject: [SEC] [SA39708] JobPost "iType" SQL Injection Vulnerability Message-ID: <201005032220.o43MKlQ5017376@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: JobPost "iType" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA39708 VERIFY ADVISORY: http://secunia.com/advisories/39708/ DESCRIPTION: A vulnerability has been reported in JobPost, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "iType" parameter to type.asp is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sid3^effects ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 15:41:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 00:41:42 +0200 Subject: [SEC] [SA39637] NIBE RCU 11 Multiple Vulnerabilities Message-ID: <201005032241.o43MfglO005518@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: NIBE RCU 11 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39637 VERIFY ADVISORY: http://secunia.com/advisories/39637/ DESCRIPTION: Multiple vulnerabilities have been reported in NIBE RCU 11, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system and by malicious people to conduct cross-site request forgery attacks. 1) Input passed to the "page" parameter in cgi-bin/read.cgi is not properly sanitised before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. 2) Input passed to the "script" parameter in cgi-bin/exec.cgi is not properly sanitised before being used as a command line argument. This can be exploited to inject arbitrary shell commands. Successful exploitation requires "Write" or "Admin" User Level permissions. 3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. SOLUTION: Restrict access to the device to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: 1) Fredrik Nordberg Almroth 2-3) Jelmer de Hen ORIGINAL ADVISORY: Fredrik Nordberg Almroth: http://h.ackack.net/?p=274 Jelmer de Hen: http://h.ackack.net/?p=302 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 15:53:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 00:53:35 +0200 Subject: [SEC] [SA39711] Adobe Photoshop CS4 TIFF File Processing Vulnerabilities Message-ID: <201005032253.o43MrZnk025648@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Adobe Photoshop CS4 TIFF File Processing Vulnerabilities SECUNIA ADVISORY ID: SA39711 VERIFY ADVISORY: http://secunia.com/advisories/39711/ DESCRIPTION: Some vulnerabilities have been reported in Adobe Photoshop CS4, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to unspecified errors when handling TIFF files and can be exploited to execute arbitrary code when a user opens a specially crafted TIFF file. The vulnerabilities are reported in version 11.0.0. SOLUTION: Update to Photoshop CS4 11.0.1. Adobe Photoshop CS4 11.0.1 update for Windows: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4292 Adobe Photoshop CS4 11.0.1 update for Macintosh: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4291 PROVIDED AND/OR DISCOVERED BY: The vendor credits Tavis Ormandy of the Google Security Team. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-10.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 16:06:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 01:06:41 +0200 Subject: [SEC] [SA39669] OpenTTD Multiple Vulnerabilities Message-ID: <201005032306.o43N6fmD013438@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: OpenTTD Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39669 VERIFY ADVISORY: http://secunia.com/advisories/39669/ DESCRIPTION: Some vulnerabilities have been reported in OpenTTD, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service), and by malicious users to cause a DoS and potentially compromise a vulnerable system. 1) An error exists within the handling of password requests. This can be exploited to access the game without knowing the correct game password. Successful exploitation requires that the password of one of the companies is known or that one of the companies uses an empty password. Note: This can also be exploited to crash the server by sending a password packet as spectator. 2) Various errors within the handling of certain commands related to e.g. integer truncation can be exploited to crash the server and potentially execute arbitrary code by sending specially crafted commands to a vulnerable server. 3) A file descriptor leak can be exploited to crash the server by e.g. repeatedly initiating the download of a map and then canceling the download until the server runs out of file descriptors. SOLUTION: Update to version 1.0.1 or apply patches. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 1) http://security.openttd.org/en/CVE-2010-0401 2) http://security.openttd.org/en/CVE-2010-0402 3) http://security.openttd.org/en/CVE-2010-0406 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 16:20:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 01:20:43 +0200 Subject: [SEC] [SA39673] openMairie openAnnuaire File Inclusion Vulnerabilities Message-ID: <201005032320.o43NKh9n001209@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: openMairie openAnnuaire File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA39673 VERIFY ADVISORY: http://secunia.com/advisories/39673/ DESCRIPTION: Some vulnerabilities have been discovered in openMairie openAnnuaire, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system. 1) Input passed to the "dsn[phptype]" parameter can be exploited to include arbitrary files from local resources. For more information see vulnerability #1 in: SA39389 2) Input passed to the "path_om" parameter in obj/annuaire.class.php, obj/droit.class.php, obj/collectivite.class.php, obj/profil.class.php, obj/direction.class.php, obj/service.class.php, obj/directiongenerale.class.php, and obj/utilisateur.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or remote resources. Successful exploitation of both vulnerabilities requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 2.00. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: cr4wl3r OTHER REFERENCES: SA39389: http://secunia.com/advisories/39389/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 16:41:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 01:41:26 +0200 Subject: [SEC] [SA39659] Red Hat update for java-1.6.0-ibm Message-ID: <201005032341.o43NfQIf021805@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-ibm SECUNIA ADVISORY ID: SA39659 VERIFY ADVISORY: http://secunia.com/advisories/39659/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA37255 SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: RHSA-2010:0383-1: https://rhn.redhat.com/errata/RHSA-2010-0383.html OTHER REFERENCES: SA37255: http://secunia.com/advisories/37255/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 16:53:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 01:53:30 +0200 Subject: [SEC] [SA39672] MDaemon Mailing List Subscription Directory Traversal Message-ID: <201005032353.o43NrUho009546@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: MDaemon Mailing List Subscription Directory Traversal SECUNIA ADVISORY ID: SA39672 VERIFY ADVISORY: http://secunia.com/advisories/39672/ DESCRIPTION: Kingcope has discovered a security issue in MDaemon, which potentially can be exploited by malicious people to disclose sensitive information. The security issue is caused due to an input sanitation error when processing mailing list subscription requests. This can be exploited to disclose an arbitrary local text file via an e-mail sent to the "MDaemon" account, containing "SUBSCRIBE" followed by directory traversal sequences in the subject. Successful exploitation requires that a malicious ".grp" file is placed at a known location on the local system. The security issue is confirmed in version 11.0.1. Other versions may also be affected. SOLUTION: Reject subscription messages received from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Kingcope ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0010.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 17:06:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 02:06:32 +0200 Subject: [SEC] [SA39700] KrM Haber Database Disclosure Security Issue Message-ID: <201005040006.o4406W9L029731@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: KrM Haber Database Disclosure Security Issue SECUNIA ADVISORY ID: SA39700 VERIFY ADVISORY: http://secunia.com/advisories/39700/ DESCRIPTION: A security issue has been reported in KrM Haber, which can be exploited by malicious people to disclose sensitive information. The security issue is caused due to the "d_atabase/Krmdb.mdb" database file being stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information by downloading the file. The security issue is reported in version 1.0. SOLUTION: Place the database file outside the webroot. PROVIDED AND/OR DISCOVERED BY: LionTurk ORIGINAL ADVISORY: http://packetstormsecurity.org/1004-exploits/krmhaber-disclose.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 17:20:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 02:20:29 +0200 Subject: [SEC] [SA39699] Urgent Backup ZIP Processing Buffer Overflow Vulnerability Message-ID: <201005040020.o440KTEe017555@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Urgent Backup ZIP Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA39699 VERIFY ADVISORY: http://secunia.com/advisories/39699/ DESCRIPTION: Lincoln has discovered a vulnerability in Urgent Backup, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing ZIP archives. This can be exploited to cause a stack-based buffer overflow by tricking a user into restoring files from a specially crafted ZIP file. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.20. Other versions may also be affected. SOLUTION: Do not process untrusted ZIP files. PROVIDED AND/OR DISCOVERED BY: Lincoln, Corelan ORIGINAL ADVISORY: http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 17:41:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 02:41:29 +0200 Subject: [SEC] [SA39701] ABC Backup ZIP Processing Buffer Overflow Vulnerability Message-ID: <201005040041.o440fTOu005694@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: ABC Backup ZIP Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA39701 VERIFY ADVISORY: http://secunia.com/advisories/39701/ DESCRIPTION: Lincoln has discovered a vulnerability in ABC Backup, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing ZIP archives. This can be exploited to cause a stack-based buffer overflow by tricking a user into restoring files from a specially crafted ZIP file. Successful exploitation allows execution of arbitrary code. This may be related to: SA39699 The vulnerability is confirmed in version 5.50. Other versions may also be affected. SOLUTION: Do not process untrusted ZIP files. PROVIDED AND/OR DISCOVERED BY: Lincoln, Corelan ORIGINAL ADVISORY: http://www.corelan.be:8800/advisories.php?id=CORELAN-10-034 OTHER REFERENCES: SA39699: http://secunia.com/advisories/39699/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 17:53:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 02:53:32 +0200 Subject: [SEC] [SA39691] DBHcms Cross-Site Scripting and Script Insertion Message-ID: <201005040053.o440rWJA025835@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: DBHcms Cross-Site Scripting and Script Insertion SECUNIA ADVISORY ID: SA39691 VERIFY ADVISORY: http://secunia.com/advisories/39691/ DESCRIPTION: Some vulnerabilities have been discovered in DBHcms, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. 1) Input passed via the "searchString" parameter when performing a search is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "guestbookName" and "guestbookLocation" parameters when posting a guestbook entry is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 1.1.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: ITSecTeam ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 18:06:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 03:06:37 +0200 Subject: [SEC] [SA39715] Comersus Power Pack Cross-Site Request Forgery Vulnerability Message-ID: <201005040106.o4416boX013622@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Comersus Power Pack Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA39715 VERIFY ADVISORY: http://secunia.com/advisories/39715/ DESCRIPTION: A vulnerability has been reported in Comersus Power Pack, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions by tricking a user into visiting a malicious web site. This is related to: SA39695 SOLUTION: Do not browse untrusted websites while being logged in to Comersus. PROVIDED AND/OR DISCOVERED BY: Sid3^effects ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12471 OTHER REFERENCES: SA39695: http://secunia.com/advisories/39695/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 18:20:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 03:20:36 +0200 Subject: [SEC] [SA39710] B2B Gold Script "id" SQL Injection Vulnerability Message-ID: <201005040120.o441Ka4j001389@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: B2B Gold Script "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA39710 VERIFY ADVISORY: http://secunia.com/advisories/39710/ DESCRIPTION: A vulnerability has been reported in B2B Gold Script, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to products.html is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: v3n0m ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 18:41:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 03:41:32 +0200 Subject: [SEC] [SA39682] Mesut Manset Haber Security Bypass Vulnerability Message-ID: <201005040141.o441fWLA021972@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Mesut Manset Haber Security Bypass Vulnerability SECUNIA ADVISORY ID: SA39682 VERIFY ADVISORY: http://secunia.com/advisories/39682/ DESCRIPTION: A vulnerability has been reported in Mesut Manset Haber, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not properly restricting access to the admin/admin_haber.asp script, which can be exploited to e.g. add and modify certain entries. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Restrict access to the "admin" folder. PROVIDED AND/OR DISCOVERED BY: LionTurk ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12478 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 18:53:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 03:53:35 +0200 Subject: [SEC] [SA39695] Comersus Cart Cross-Site Request Forgery Vulnerability Message-ID: <201005040153.o441rZEh009713@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Comersus Cart Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA39695 VERIFY ADVISORY: http://secunia.com/advisories/39695/ DESCRIPTION: A vulnerability has been discovered in Comersus Cart, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute arbitrary SQL queries by tricking an administrative user into visiting a malicious web site. The vulnerability is confirmed in version 8. Other versions may also be affected. SOLUTION: Do not browse untrusted websites while being logged in to Comersus Cart. PROVIDED AND/OR DISCOVERED BY: Sid3^effects ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12471 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 19:08:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 04:08:31 +0200 Subject: [SEC] [SA39674] NolaPro "linenum" Cross-Site Scripting Vulnerability Message-ID: <201005040208.o4428VoM030304@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: NolaPro "linenum" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39674 VERIFY ADVISORY: http://secunia.com/advisories/39674/ DESCRIPTION: A vulnerability has been discovered in NolaPro, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "linenum" parameter to nporderitemremote.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the victim is logged-in. The vulnerability is confirmed in version 4.0.5720. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: ekse, Corelan Team ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-035-nolapro-enterprise-4-0-5538-multiple-vulnerabilities/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 19:20:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 04:20:30 +0200 Subject: [SEC] [SA39631] Scratcher Two Vulnerabilities Message-ID: <201005040220.o442KUFu018037@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Scratcher Two Vulnerabilities SECUNIA ADVISORY ID: SA39631 VERIFY ADVISORY: http://secunia.com/advisories/39631/ DESCRIPTION: Two vulnerabilities have been discovered in Scratcher, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "show" parameter in projects.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "id" parameter to projects.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: cr4wl3r ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 19:41:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 04:41:28 +0200 Subject: [SEC] [SA39671] NolaPro Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201005040241.o442fSKJ006177@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: NolaPro Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA39671 VERIFY ADVISORY: http://secunia.com/advisories/39671/ DESCRIPTION: Multiple vulnerabilities have been reported in NolaPro, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "file" parameter to example.php and the "menutitle" parameter to sidemenu.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of the "menutitle" parameter requires that the victim is logged-in. 2) Input passed via the "vendorid" parameter to invitemlstreorder.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 4.0.5538. Other versions may also be affected. NOTE: A file enumeration issue via checkfile.php has also been reported. SOLUTION: Update to version 4.0.5720. PROVIDED AND/OR DISCOVERED BY: ekse, Corelan Team ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-035-nolapro-enterprise-4-0-5538-multiple-vulnerabilities/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 19:53:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 04:53:34 +0200 Subject: [SEC] [SA39573] PHP HTTP Chunked Encoding Processing Signedness Vulnerability Message-ID: <201005040253.o442rYhh026321@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: PHP HTTP Chunked Encoding Processing Signedness Vulnerability SECUNIA ADVISORY ID: SA39573 VERIFY ADVISORY: http://secunia.com/advisories/39573/ DESCRIPTION: Stefan Esser has discovered a vulnerability in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a signedness error within the "php_dechunk()" function in ext/standard/filters.c when processing HTTP streams. This can be exploited to corrupt memory and cause a crash when an HTTP chunk having an overly large size is processed through the "dechunk" filter. The vulnerability is confirmed in version 5.3.2. Other versions may also be affected. SOLUTION: Do not process untrusted HTTP streams in PHP applications. PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: http://php-security.org/2010/05/02/mops-2010-003-php-dechunk-filter-signed-comparison-vulnerability/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 3 20:06:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 05:06:28 +0200 Subject: [SEC] [SA39681] Joomla! DJ-Classifieds Component Script Insertion and File Upload Vulnerabilities Message-ID: <201005040306.o4436SlE014107@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Joomla! DJ-Classifieds Component Script Insertion and File Upload Vulnerabilities SECUNIA ADVISORY ID: SA39681 VERIFY ADVISORY: http://secunia.com/advisories/39681/ DESCRIPTION: Some vulnerabilities have been discovered in the DJ-Classifieds component for Joomla!, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system. 1) Input passed via the "description" parameter to index.php (when "option" is set to "com_djclassifieds" and "view" is set to "additem") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) A vulnerability is caused due to the application improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this vulnerability requires that Apache is not configured to handle the mime-type for files with an e.g. "pjpeg" extension. The vulnerabilities are confirmed in version 0.9.1. Other versions may also be affected. SOLUTION: Grant only trusted users access to the affected component. PROVIDED AND/OR DISCOVERED BY: Sid3^effects ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 10:26:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 19:26:42 +0200 Subject: [SEC] [SA39677] Zikula Application Framework Cross-Site Request Forgery Vulnerability Message-ID: <201005041726.o44HQgg3007727@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Zikula Application Framework Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA39677 VERIFY ADVISORY: http://secunia.com/advisories/39677/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Zikula Application Framework, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an email address if a logged-in user visits a malicious web site. The vulnerability is confirmed in version 1.2.3. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xsrf_csrf_in_zikula_application_framework.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 11:26:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 20:26:48 +0200 Subject: [SEC] [SA39604] Mango Blog "post.cfm" Cross-Site Scripting Vulnerability Message-ID: <201005041826.o44IQmkN030030@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Mango Blog "post.cfm" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39604 VERIFY ADVISORY: http://secunia.com/advisories/39604/ DESCRIPTION: A vulnerability has been discovered in Mango Blog, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after post.cfm is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. The vulnerability is confirmed in version 1.4.1. Other versions may also be affected. SOLUTION: Update to version 1.4.2 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://code.google.com/p/mangoblog/source/detail?r=467 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 12:26:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 21:26:49 +0200 Subject: [SEC] [SA39678] ecoCMS "p" Cross-Site Scripting Vulnerability Message-ID: <201005041926.o44JQnBH019917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: ecoCMS "p" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39678 VERIFY ADVISORY: http://secunia.com/advisories/39678/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in ecoCMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "p" parameter in admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in ecoCMS Free. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_in_ecocms.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 13:26:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 22:26:36 +0200 Subject: [SEC] [SA39541] NovaBACKUP Network / NovaNet Denial of Service Vulnerability Message-ID: <201005042026.o44KQaLL009821@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: NovaBACKUP Network / NovaNet Denial of Service Vulnerability SECUNIA ADVISORY ID: SA39541 VERIFY ADVISORY: http://secunia.com/advisories/39541/ DESCRIPTION: mu-b has discovered a vulnerability in NovaBACKUP Network and NovaNet, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error when processing certain packets, which can be exploited to crash the service by sending specially crafted packets. The vulnerability is confirmed in NovaNet 12.00 (build 44717) for Windows and NovaBACKUP Network version 13.0.00.54970 for Windows. SOLUTION: Restrict network access to trusted users only. PROVIDED AND/OR DISCOVERED BY: mu-b ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0355.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 14:20:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 23:20:36 +0200 Subject: [SEC] [SA39714] Avaya Products Wireshark Multiple Vulnerabilities Message-ID: <201005042120.o44LKacc031948@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Avaya Products Wireshark Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39714 VERIFY ADVISORY: http://secunia.com/advisories/39714/ DESCRIPTION: Avaya has acknowledged some vulnerabilities in multiple Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. For more information: SA35884 SA37175 SA38257 The vulnerabilities are reported in the following products and versions: * Avaya Aura Application Enablement Services (version 5.2.x) * Avaya Aura Communication Manager (all versions) * Avaya Messaging Storage Server (all versions) * Avaya Aura Session Manager (versions 1.1 and 5.2) * Avaya Aura SIP Enablement Services (all versions) * Avaya Aura System Platform (version 1.1) SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: Avaya (ASA-2010-116): https://support.avaya.com/css/P8/documents/100081589 OTHER REFERENCES: SA35884: http://secunia.com/advisories/35884/ SA37175: http://secunia.com/advisories/37175/ SA38257: http://secunia.com/advisories/38257/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 14:41:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 23:41:38 +0200 Subject: [SEC] [SA39675] PHP "addcslashes()" Information Disclosure Vulnerability Message-ID: <201005042141.o44LfcMA020070@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: PHP "addcslashes()" Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA39675 VERIFY ADVISORY: http://secunia.com/advisories/39675/ DESCRIPTION: Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to the implementation of "addcslashes()" function not being properly protected against function interruptions, which can be exploited to disclose potentially sensitive information. The vulnerability is reported in PHP 5.2.13 and 5.3.2. Other versions may also be affected. SOLUTION: Do not use the vulnerable function in an exploitable context. PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: http://php-security.org/2010/05/03/mops-2010-006-php-addcslashes-interruption-information-leak-vulnerability/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 14:53:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 4 May 2010 23:53:40 +0200 Subject: [SEC] [SA39705] KubeBlog Cross-Site Request Forgery Vulnerability Message-ID: <201005042153.o44Lreww007827@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: KubeBlog Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA39705 VERIFY ADVISORY: http://secunia.com/advisories/39705/ DESCRIPTION: A vulnerability has been discovered in KubeBlog, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add a new administrative user or change the administrative password by tricking an administrative user into visiting a malicious web site. The vulnerability is confirmed in version 1.1.2. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: The.Morpheus ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 15:07:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 00:07:01 +0200 Subject: [SEC] [SA39713] Avaya Products NSS TLS Session Renegotiation Vulnerability Message-ID: <201005042207.o44M71xU028013@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Avaya Products NSS TLS Session Renegotiation Vulnerability SECUNIA ADVISORY ID: SA39713 VERIFY ADVISORY: http://secunia.com/advisories/39713/ DESCRIPTION: Avaya has acknowledged a vulnerability in multiple Avaya products, which can be exploited by malicious people to manipulate certain data. For more information: SA38400 The vulnerability is reported in the following products and versions: * Avaya Aura Application Enablement Services (version 5.2.x) * Avaya IQ (all versions) * Avaya Message Networking (all versions) * Avaya Messaging Storage Server (all versions) * Avaya Aura Session Manager (versions 1.1 and 5.2) * Avaya Aura System Manager (all versions) * Avaya Aura System Platform (version 1.1) * Avaya Voice Portal (all versions) SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: Avaya (ASA-2010-119): https://support.avaya.com/css/P8/documents/100081611 OTHER REFERENCES: SA38400: http://secunia.com/advisories/38400/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 15:20:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 00:20:32 +0200 Subject: [SEC] [SA39685] ClanSphere Captcha Generator SQL Injection Vulnerability Message-ID: <201005042220.o44MKWaF015815@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: ClanSphere Captcha Generator SQL Injection Vulnerability SECUNIA ADVISORY ID: SA39685 VERIFY ADVISORY: http://secunia.com/advisories/39685/ DESCRIPTION: Stefan Esser has reported a vulnerability in ClanSphere, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via certain HTTP headers to ClanSphere's captcha generator is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Note: An error also exists within the "cs_sql_select()" function in system/database/mysql.php. The vulnerability is reported in version 2009.0.3 and prior. SOLUTION: Update to version 2009.0.3.1. http://sourceforge.net/projects/clansphere/files/ PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: http://php-security.org/2010/05/03/mops-2010-004-clansphere-captcha-generator-blind-sql-injection-vulnerability/index.html http://php-security.org/2010/05/03/mops-2010-005-clansphere-mysql-driver-generic-sql-injection-vulnerability/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 15:41:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 00:41:26 +0200 Subject: [SEC] [SA39619] Fedora update for openttd Message-ID: <201005042241.o44MfQDH003949@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Fedora update for openttd SECUNIA ADVISORY ID: SA39619 VERIFY ADVISORY: http://secunia.com/advisories/39619/ DESCRIPTION: Fedora has issued an update for openttd. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service), and by malicious users to cause a DoS and potentially compromise a vulnerable system. For more information: SA39669 SOLUTION: Apply updated packages via the yum utility ("yum update openttd"). ORIGINAL ADVISORY: FEDORA-2010-7800: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040642.html FEDORA-2010-7885: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040731.html OTHER REFERENCES: SA39669: http://secunia.com/advisories/39669/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 15:53:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 00:53:41 +0200 Subject: [SEC] [SA39581] Debian update for mediawiki Message-ID: <201005042253.o44MrfrA024090@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Debian update for mediawiki SECUNIA ADVISORY ID: SA39581 VERIFY ADVISORY: http://secunia.com/advisories/39581/ DESCRIPTION: Debian has issued an update for mediawiki. This fixes a vulnerability, which can be exploited by malicious users to conduct cross-site request forgery attacks. For more information: SA39333 SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0.orig.tar.gz Size/MD5 checksum: 7188806 117a1360f440883a51f0ebca32906ea0 http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny5.diff.gz Size/MD5 checksum: 64013 4bda93a5b7657c02615abb552a52656f http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny5.dsc Size/MD5 checksum: 1549 95beff777c2aabfc1c27ee705d6e962d Architecture independent packages: http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki_1.12.0-2lenny5_all.deb Size/MD5 checksum: 7232192 376a7e8a9d5ef623d9f742c46b6731d2 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_alpha.deb Size/MD5 checksum: 50010 ef0bba8b3e99182ca3aa0332c65ecb79 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_amd64.deb Size/MD5 checksum: 157208 be32615f5aa6e9eb8c7cb9856190667e arm architecture (ARM) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_arm.deb Size/MD5 checksum: 49488 daa203ec0ec783fa56621b5175bdf339 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_armel.deb Size/MD5 checksum: 49466 0fadcd27411dfbe53bb5acf871f8e9a5 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_hppa.deb Size/MD5 checksum: 50024 1d7fd2466472722e1c94b543e302c481 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_i386.deb Size/MD5 checksum: 139020 97e49217a15ba203534ed4e55684ec21 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_ia64.deb Size/MD5 checksum: 50014 6d58ac1368a33980217cf93e6252bd8d mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_mips.deb Size/MD5 checksum: 50020 2402eedead8550ae99d9a979a861afb9 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_mipsel.deb Size/MD5 checksum: 50020 079fe641ba7565df49c0cd2b639d8cc7 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_powerpc.deb Size/MD5 checksum: 163034 93917f4c7b2b7c81e4542c83de7950d9 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_s390.deb Size/MD5 checksum: 50004 a54b1abd2c73872c378b73c751ac6134 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/m/mediawiki/mediawiki- math_1.12.0-2lenny5_sparc.deb Size/MD5 checksum: 158352 39f3faa87dcc103f6f948e351801ee88 ORIGINAL ADVISORY: DSA-2041-1: http://lists.debian.org/debian-security-announce/2010/msg00082.html OTHER REFERENCES: SA39333: http://secunia.com/advisories/39333/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 16:06:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 01:06:27 +0200 Subject: [SEC] [SA39632] Fedora update for httpd Message-ID: <201005042306.o44N6RVC011873@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Fedora update for httpd SECUNIA ADVISORY ID: SA39632 VERIFY ADVISORY: http://secunia.com/advisories/39632/ DESCRIPTION: Fedora has issued an update for httpd. This fixes multiple vulnerabilities, which can be exploited by malicious people to gain access to potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service). For more information: SA37291 SA38776 SOLUTION: Apply updated packages via the yum utility ("yum update httpd"). ORIGINAL ADVISORY: FEDORA-2010-6131: https://admin.fedoraproject.org/updates/httpd-2.2.15-1.fc11.1 OTHER REFERENCES: SA37291: http://secunia.com/advisories/37291/ SA38776: http://secunia.com/advisories/38776/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 16:20:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 01:20:42 +0200 Subject: [SEC] [SA39618] Fedora update for nano Message-ID: <201005042320.o44NKgPU032095@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Fedora update for nano SECUNIA ADVISORY ID: SA39618 VERIFY ADVISORY: http://secunia.com/advisories/39618/ DESCRIPTION: Fedora has issued an update for nano. This fixes two security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA39444 SOLUTION: Apply updated packages via the yum utility ("yum update nano"). ORIGINAL ADVISORY: FEDORA-2010-6775: https://admin.fedoraproject.org/updates/nano-2.0.9-6.fc12 FEDORA-2010-6776: https://admin.fedoraproject.org/updates/nano-2.0.9-1.fc11 OTHER REFERENCES: SA39444: http://secunia.com/advisories/39444/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 4 16:41:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 01:41:33 +0200 Subject: [SEC] [SA39706] Gallo "config[gfwroot]" File Inclusion Vulnerability Message-ID: <201005042341.o44NfXjM020230@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Gallo "config[gfwroot]" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA39706 VERIFY ADVISORY: http://secunia.com/advisories/39706/ DESCRIPTION: A vulnerability has been discovered in Gallo, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "config[gfwroot]" parameter in core/includes/gfw_smarty.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 0.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: cr4wl3r ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 10:27:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 19:27:39 +0200 Subject: [SEC] [SA39697] Red Hat update for kernel Message-ID: <201005051727.o45HRdgB023563@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA39697 VERIFY ADVISORY: http://secunia.com/advisories/39697/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service), and by malicious people to cause a DoS. For more information: SA38601 SA38718 1) The "ptrace()" implementation on Itanium systems does not correctly verify the user's permissions. This can be exploited by malicious, local users to use "ptrace()" on processes they don't own. SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: RHSA-2010-0394: https://rhn.redhat.com/errata/RHSA-2010-0394.html OTHER REFERENCES: SA38601: http://secunia.com/advisories/38601/ SA38718: http://secunia.com/advisories/38718/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 11:27:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 20:27:25 +0200 Subject: [SEC] [SA39676] JBoss Enterprise Web Server update for httpd and httpd22 Message-ID: <201005051827.o45IRPN0013454@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: JBoss Enterprise Web Server update for httpd and httpd22 SECUNIA ADVISORY ID: SA39676 VERIFY ADVISORY: http://secunia.com/advisories/39676/ DESCRIPTION: Red Hat has issued an update for httpd and httpd22 for JBoss Enterprise Web Server. This fixes two vulnerabilities, which can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service). For more information see vulnerabilities #1 and #3 in: SA38776 SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0396.html OTHER REFERENCES: SA38776: http://secunia.com/advisories/38776/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 12:27:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 21:27:23 +0200 Subject: [SEC] [SA39610] 360 Anti-Virus / Security Guard profos.sys Denial of Service Message-ID: <201005051927.o45JRNoE003342@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: 360 Anti-Virus / Security Guard profos.sys Denial of Service SECUNIA ADVISORY ID: SA39610 VERIFY ADVISORY: http://secunia.com/advisories/39610/ DESCRIPTION: A vulnerability has been reported in 360 Anti-Virus and 360 Security Guard, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the profos.sys driver when processing userspace data. This can be exploited to cause a system crash via a specially crafted IOCTL. SOLUTION: Restrict local access to trusted users only. PROVIDED AND/OR DISCOVERED BY: NT Internals ORIGINAL ADVISORY: http://www.ntinternals.org/ntiadv1002/ntiadv1002.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 13:27:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 22:27:30 +0200 Subject: [SEC] [SA39668] 360 Anti-Virus / Security Guard 360FkAdv.sys Denial of Service Message-ID: <201005052027.o45KRUJq025652@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: 360 Anti-Virus / Security Guard 360FkAdv.sys Denial of Service SECUNIA ADVISORY ID: SA39668 VERIFY ADVISORY: http://secunia.com/advisories/39668/ DESCRIPTION: A vulnerability has been reported in 360 Anti-Virus and 360 Security Guard, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the 360FkAdv.sys driver when processing userspace data. This can be exploited to cause a system crash via a specially crafted IOCTL. The vulnerability is reported in 360 Anti-Virus versions prior to 1.1.0.1096 and 360 Security Guard versions prior to 6.1.5.1010. SOLUTION: Update to a fixed version. 360 Anti-Virus: Update to version 1.1.0.1096 or later. 360 Security Guard: Update to version 6.1.5.1010 or later. PROVIDED AND/OR DISCOVERED BY: NT Internals ORIGINAL ADVISORY: http://www.ntinternals.org/ntiadv1002/ntiadv1002.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 14:21:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 23:21:24 +0200 Subject: [SEC] [SA39634] 360 Safe SafeBoxKrnl.sys Two Vulnerabilities Message-ID: <201005052121.o45LLOfh015387@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: 360 Safe SafeBoxKrnl.sys Two Vulnerabilities SECUNIA ADVISORY ID: SA39634 VERIFY ADVISORY: http://secunia.com/advisories/39634/ DESCRIPTION: Two vulnerabilities have been reported in 360 Safe, which can be exploited by malicious, local users to perform certain actions with escalated privileges, cause a DoS (Denial of Service), or potentially gain escalated privileges. 1) The SafeBoxKrnl.sys driver improperly passes userspace pointers to the "IoFreeMdl()" function when processing IOCTLs. This can be exploited to corrupt kernel memory and cause a system crash or potentially execute arbitrary code with escalated privileges. 2) An error in the SafeBoxKrnl.sys driver can be exploited to terminate an arbitrary process via a specially crafted IOCTL. The vulnerabilities are reported in versions prior to 3.0.0.1010. SOLUTION: Update to version 3.0.0.1010 or later. PROVIDED AND/OR DISCOVERED BY: NT Internals ORIGINAL ADVISORY: http://www.ntinternals.org/ntiadv1003/ntiadv1003.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 14:42:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 23:42:23 +0200 Subject: [SEC] [SA39690] Knowledgeroot Knowledgebase FCKeditor File Upload Security Issue Message-ID: <201005052142.o45LgN2n003529@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Knowledgeroot Knowledgebase FCKeditor File Upload Security Issue SECUNIA ADVISORY ID: SA39690 VERIFY ADVISORY: http://secunia.com/advisories/39690/ DESCRIPTION: A security issue has been discovered in Knowledgeroot Knowledgebase, which can be exploited by malicious people to bypass certain security restrictions. Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g upload files of certain types. The security issue is confirmed in version 0.9.9.5. Other versions may also be affected. SOLUTION: Restrict access to the extension/fckeditor/fckeditor/editor/filemanager/connectors directory (e.g. via .htaccess) PROVIDED AND/OR DISCOVERED BY: eidelweiss ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 14:54:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 5 May 2010 23:54:25 +0200 Subject: [SEC] [SA39703] Ziepod RSS Feed Script Insertion Vulnerability Message-ID: <201005052154.o45LsPj5023675@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Ziepod RSS Feed Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39703 VERIFY ADVISORY: http://secunia.com/advisories/39703/ DESCRIPTION: A vulnerability has been discovered in Ziepod, which can be exploited by malicious people to conduct script insertion attacks. The vulnerability is caused due to an input validation error in the processing of e.g. the description field in RSS feeds. This can be exploited to inject and execute arbitrary HTML and script code in context of the RSS feed content by tricking a user into adding a malicious RSS feed. The vulnerability is confirmed in Ziepod+ version 1.0. Other versions may also be affected. SOLUTION: Do not add RSS feeds from untrusted sources. PROVIDED AND/OR DISCOVERED BY: sinn3r, Corelan Security Team ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-037-ziepod-1-0-cross-application-scripting/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 15:07:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 00:07:53 +0200 Subject: [SEC] [SA39667] KV AntiVirus 2010 Local Denial of Service Vulnerabilities Message-ID: <201005052207.o45M7rEM011483@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: KV AntiVirus 2010 Local Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA39667 VERIFY ADVISORY: http://secunia.com/advisories/39667/ DESCRIPTION: Some vulnerabilities have been reported in KV AntiVirus 2010, which can be exploited by malicious, local users to cause a DoS (Denial of Service). 1) Multiple errors in KRegEx.sys when processing parameters passed to various hooked functions (e.g. "NtCreateKey()", "NtOpenKey()") can be exploited to crash an affected system. 2) A NULL-pointer dereference error in the KRegEx.sys driver can be exploited to cause a system crash via a specially crafted 0x88008068 IOCTL. The vulnerabilities are reported in versions prior to 13.0.10.111. SOLUTION: Update to version 13.0.10.111. PROVIDED AND/OR DISCOVERED BY: NT Internals ORIGINAL ADVISORY: http://www.ntinternals.org/ntiadv1004/ntiadv1004.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 5 15:21:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 00:21:31 +0200 Subject: [SEC] [SA39709] Adobe Photoshop CS3 TIFF File Processing Vulnerabilities Message-ID: <201005052221.o45MLVeN031682@CRON-IX-2.intnet> ---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales at secunia.com ---------------------------------------------------------------------- TITLE: Adobe Photoshop CS3 TIFF File Processing Vulnerabilities SECUNIA ADVISORY ID: SA39709 VERIFY ADVISORY: http://secunia.com/advisories/39709/ DESCRIPTION: Some vulnerabilities have been reported in Adobe Photoshop CS3, which can be exploited by malicious people to compromise a user's system. For more information: SA39711 SOLUTION: Upgrade to a higher version. OTHER REFERENCES: SA39711: http://secunia.com/advisories/39711/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 10:26:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 19:26:33 +0200 Subject: [SEC] [SA39694] CF Image Host File Upload Vulnerability Message-ID: <201005061726.o46HQX1D000468@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CF Image Host File Upload Vulnerability SECUNIA ADVISORY ID: SA39694 VERIFY ADVISORY: http://secunia.com/advisories/39694/ DESCRIPTION: A vulnerability has been reported in CF Image Host, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the upload.php script improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script. The vulnerability is reported in version 1.1. Other versions may also be affected. SOLUTION: Update to version 1.1.1. PROVIDED AND/OR DISCOVERED BY: The.Morpheus ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12472 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 11:27:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 20:27:27 +0200 Subject: [SEC] [SA39658] Drupal ImageField Module Information Disclosure Security Issue Message-ID: <201005061827.o46IRRF9022895@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal ImageField Module Information Disclosure Security Issue SECUNIA ADVISORY ID: SA39658 VERIFY ADVISORY: http://secunia.com/advisories/39658/ DESCRIPTION: A security issue has been reported in the ImageField module for Drupal, which can be exploited by malicious people to disclose potentially sensitive information. The security issue exists due to improper access permission checks for thumbnails of restricted images when the Private Downloads setting is used and can be exploited to view the thumbnail. The security issue is reported in versions prior to 6.x-3.3. SOLUTION: Update to version 6.x-3.3 or later PROVIDED AND/OR DISCOVERED BY: The vendor credits vb1. ORIGINAL ADVISORY: SA-CONTRIB-2010-041: http://drupal.org/node/791054 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 12:26:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 21:26:33 +0200 Subject: [SEC] [SA39660] Drupal FileField Module Arbitrary File Upload Security Issue Message-ID: <201005061926.o46JQXBV012770@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal FileField Module Arbitrary File Upload Security Issue SECUNIA ADVISORY ID: SA39660 VERIFY ADVISORY: http://secunia.com/advisories/39660/ DESCRIPTION: A security issue has been reported in the FileField module for Drupal, which potentially can be exploited by malicious users to compromise a vulnerable system. The security issue exists due to improper creation of a default extension for a new file field when the field configuration page is not saved and can be exploited to upload arbitrary files to a directory inside the webroot. Successful exploitation may allow execution of arbitrary PHP code but requires "create" or "edit" permission for the file field. The security issue is reported in versions prior to 6.x-3.3. SOLUTION: Update to version 6.x-3.3 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits David Rothstein of the Drupal Security Team ORIGINAL ADVISORY: SA-CONTRIB-2010-040: http://drupal.org/node/791050 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 13:26:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 22:26:32 +0200 Subject: [SEC] [SA39626] Piwigo Two Cross-Site Scripting Vulnerabilities Message-ID: <201005062026.o46KQWxV002663@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Piwigo Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA39626 VERIFY ADVISORY: http://secunia.com/advisories/39626/ DESCRIPTION: Two vulnerabilities have been discovered in Piwigo, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "login" and "mail_address" parameters in register.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.0.9. Other versions may also be affected. SOLUTION: The vulnerabilities are fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Mohammed Boumediane, Vupen. ORIGINAL ADVISORY: http://piwigo.org/code/wsvn/Piwigo?op=revision&rev=5936 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 14:20:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 23:20:29 +0200 Subject: [SEC] [SA39666] Piwik "form_url" Cross-Site Scripting Vulnerability Message-ID: <201005062120.o46LKTJo024812@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Piwik "form_url" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39666 VERIFY ADVISORY: http://secunia.com/advisories/39666/ DESCRIPTION: A vulnerability has been discovered in Piwik, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "form_url" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.5.5. Other versions may also be affected. SOLUTION: Update to version 0.6 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 14:41:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 23:41:55 +0200 Subject: [SEC] [SA39642] Lexmark Printers HTTP "Authorization" Header Denial of Service Message-ID: <201005062141.o46Lftf8012977@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Lexmark Printers HTTP "Authorization" Header Denial of Service SECUNIA ADVISORY ID: SA39642 VERIFY ADVISORY: http://secunia.com/advisories/39642/ DESCRIPTION: A vulnerability has been reported in various Lexmark printers, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain HTTP "Authentication" headers. This can be exploited to e.g. crash a vulnerable device by sending HTTP requests containing certain invalid characters in the "Authentication" header to the device's TCP services making use of HTTP (e.g. ports 80, 443, 8000, and 631). Please see the vendor advisory for a list of affected products and versions. SOLUTION: Please see the vendor advisory for details on how to obtain an updated firmware or to apply a workaround. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.lexmark.com/index?page=content&id=TE87&locale=EN&userlocale=EN_US ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 14:53:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 6 May 2010 23:53:43 +0200 Subject: [SEC] [SA39693] Joomla! Table JX Component Two Cross-Site Scripting Vulnerabilities Message-ID: <201005062153.o46Lrhe5000667@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla! Table JX Component Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA39693 VERIFY ADVISORY: http://secunia.com/advisories/39693/ DESCRIPTION: Valentin Hoebel has reported some vulnerabilities in the Table JX component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "data_search" and "rpp" parameters to index.php (when "option" is set to "com_grid" and "gid" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 1.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Valentin Hoebel ORIGINAL ADVISORY: http://www.xenuser.org/documents/security/joomla_com_table_jx_xss.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 15:07:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 00:07:25 +0200 Subject: [SEC] [SA39636] IBM WebSphere MQ Channel Control Denial of Service Message-ID: <201005062207.o46M7PbV020951@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM WebSphere MQ Channel Control Denial of Service SECUNIA ADVISORY ID: SA39636 VERIFY ADVISORY: http://secunia.com/advisories/39636/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere MQ, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the handling of channel control flow and can be exploited to cause the MQ server channel process to crash via specially crafted channel control data. Successful exploitation requires authentication. The vulnerability is reported in version prior to 7.0.1.2. SOLUTION: The vulnerability will be fixed in version 7.0.1.2. PROVIDED AND/OR DISCOVERED BY: Reported by IBM X-Force. ORIGINAL ADVISORY: IBM X-Force: http://xforce.iss.net/xforce/xfdb/58039 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 15:21:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 00:21:53 +0200 Subject: [SEC] [SA39704] TYPO3 Cumulus Tagcloud Extension "tagcloud" Cross Site Scripting Vulnerability Message-ID: <201005062221.o46MLriR008804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: TYPO3 Cumulus Tagcloud Extension "tagcloud" Cross Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39704 VERIFY ADVISORY: http://secunia.com/advisories/39704/ DESCRIPTION: MustLive has discovered a vulnerability in the Cumulus Tagcloud extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tagcloud" parameter to typo3conf/ext/t3m_cumulus_tagcloud/pi1/tagcloud.swf (when "mode" is set to "tags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.1.1. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4181/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 15:41:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 00:41:33 +0200 Subject: [SEC] [SA39644] Drupal CCK TableField Module Script Insertion Vulnerability Message-ID: <201005062241.o46MfXbQ029292@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal CCK TableField Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39644 VERIFY ADVISORY: http://secunia.com/advisories/39644/ DESCRIPTION: A vulnerability has been reported in the CCK TableField module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via table headers when attaching data to a node is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits mr.baileys of the Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2010-039: http://drupal.org/node/790998 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 15:53:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 00:53:32 +0200 Subject: [SEC] [SA39635] Fedora update for nss_db Message-ID: <201005062253.o46MrWZD017043@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for nss_db SECUNIA ADVISORY ID: SA39635 VERIFY ADVISORY: http://secunia.com/advisories/39635/ DESCRIPTION: Fedora has issued an update for nss_db. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information. For more information: SA39165 SOLUTION: Apply updated packages via the yum utility ("yum update nss_db"). ORIGINAL ADVISORY: FEDORA-2010-6361: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040881.html FEDORA-2010-6331: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040907.html OTHER REFERENCES: SA39165: http://secunia.com/advisories/39165/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 6 16:07:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 01:07:52 +0200 Subject: [SEC] [SA39661] Wireshark DOCSIS Dissector Denial of Service Vulnerability Message-ID: <201005062307.o46N7qjE004878@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Wireshark DOCSIS Dissector Denial of Service Vulnerability SECUNIA ADVISORY ID: SA39661 VERIFY ADVISORY: http://secunia.com/advisories/39661/ DESCRIPTION: A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the DOCSIS (Data Over Cable Service Interface Specifications) dissector and can be exploited to e.g. cause a crash via specially crafted DOCSIS traffic. The vulnerability is reported in 0.9.6 through 1.0.12 and version 1.2.0 through 1.2.7. SOLUTION: Update to version 1.0.13 or 1.2.8. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.wireshark.org/security/wnpa-sec-2010-03.html http://www.wireshark.org/security/wnpa-sec-2010-04.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 10:26:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 19:26:48 +0200 Subject: [SEC] [SA39752] Consona CRM Suite Repair Service Privilege Escalation Vulnerability Message-ID: <201005071726.o47HQmH7009655@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Consona CRM Suite Repair Service Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA39752 VERIFY ADVISORY: http://secunia.com/advisories/39752/ DESCRIPTION: A vulnerability has been reported in Consona CRM Suite, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Repair Service (tgsrv.exe) using a weak method to verify the origin of commands received via the local named pipe. This can be exploited to e.g. execute arbitrary files with elevated privileges by sending specially crafted commands to the Repair Service. Note: This may only affect systems running Windows Vista or Windows 7. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Rub?n Santamarta ORIGINAL ADVISORY: Wintercore: http://www.wintercore.com/downloads/rootedcon_0day.pdf Consona: http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf OTHER REFERENCES: US-CERT VU#602801: http://www.kb.cert.org/vuls/id/602801 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 11:26:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 20:26:38 +0200 Subject: [SEC] [SA39740] Consona CRM Suite Password Reset and Cross-Site Scripting Vulnerabilities Message-ID: <201005071826.o47IQcM6031946@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Consona CRM Suite Password Reset and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA39740 VERIFY ADVISORY: http://secunia.com/advisories/39740/ DESCRIPTION: Some vulnerabilities have been reported in Consona CRM Suite, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 1) An error exists within the password reset mechanism, which can be exploited to reset a user's password. Successful exploitation requires that the question and the answer fields of the hint on the "Forgot Password" page are empty. 2) Certain input passed to certain ASP pages of the Consona web server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply patches available through Experts Exchange: http://expert.supportsoft.com/sdchealtop/framework/frameset.asp 1) Apply patch 1376. 2) Apply patches 1379 and 1381. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2) Rub?n Santamarta ORIGINAL ADVISORY: Wintercore: http://www.wintercore.com/downloads/rootedcon_0day.pdf Consona: http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf OTHER REFERENCES: US-CERT VU#602801: http://www.kb.cert.org/vuls/id/602801 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 12:26:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 21:26:35 +0200 Subject: [SEC] [SA39689] Jaws "url" Script Insertion Vulnerability Message-ID: <201005071926.o47JQZH2021853@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Jaws "url" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39689 VERIFY ADVISORY: http://secunia.com/advisories/39689/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Jaws, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "url" parameter to index.php (when "gadget" is set to "Users" and "action" is set to "Update Profile") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 0.8.12. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_jaws.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 13:26:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 22:26:35 +0200 Subject: [SEC] [SA39702] My Little Forum Two Cross-Site Scripting Vulnerabilities Message-ID: <201005072026.o47KQZiW011762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: My Little Forum Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA39702 VERIFY ADVISORY: http://secunia.com/advisories/39702/ DESCRIPTION: Two vulnerabilities have been discovered in My Little Forum, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "id" and "back" parameters in index.php (when "mode" is set to "posting") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.1.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Mohammed Boumediane, Vupen ORIGINAL ADVISORY: http://www.vupen.com/english/advisories/2010/1032 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 14:20:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 23:20:35 +0200 Subject: [SEC] [SA39717] Factux Multiple File Inclusion Vulnerabilities Message-ID: <201005072120.o47LKZtL001427@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Factux Multiple File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA39717 VERIFY ADVISORY: http://secunia.com/advisories/39717/ DESCRIPTION: Multiple vulnerabilities have been discovered in Factux, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "lang" parameter in admin_modif.php, admin.php, article_new.php, article_update.php, backup.php, backup_timeout.php, bon_suite.php, and ca_annee.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled and "register_globals" is enabled. The vulnerabilities are confirmed in version 1.1.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: altbta ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12521 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 14:41:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 23:41:36 +0200 Subject: [SEC] [SA39649] Red Hat update for kernel Message-ID: <201005072141.o47Lfal1022029@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA39649 VERIFY ADVISORY: http://secunia.com/advisories/39649/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA38317 SA38354 SA38718 1) An error exists within the MMIO (Memory-mapped I/O) instruction decoder of the Xen hypervisor. This can be exploited to e.g. cause a guest system to crash if a guest userspace program tricks the hypervisor into emulating a certain instruction. Successful exploitation requires a 32bit system and access to an MMIO region. SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com PROVIDED AND/OR DISCOVERED BY: 1) Paolo Bonzini ORIGINAL ADVISORY: RHSA-2010:0398-1: https://rhn.redhat.com/errata/RHSA-2010-0398.html OTHER REFERENCES: SA38317: http://secunia.com/advisories/38317/ SA38354: http://secunia.com/advisories/38354/ SA38718: http://secunia.com/advisories/38718/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 14:53:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 7 May 2010 23:53:32 +0200 Subject: [SEC] [SA39747] X-Motor Racing Server Multiple Vulnerabilities Message-ID: <201005072153.o47LrWec009771@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: X-Motor Racing Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39747 VERIFY ADVISORY: http://secunia.com/advisories/39747/ DESCRIPTION: Luigi Auriemma has discovered some vulnerabilities in X-Motor Racing, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) A boundary error in the server implementation can be exploited to cause a stack-based buffer overflow via a specially crafted IP_CAR_INFO packet. Successful exploitation allows execution of arbitrary code. 2) Two errors when processing received packets can be exploited to trigger an out-of-memory exception and terminate an affected server. The vulnerabilities are confirmed in demo version 1.26. Other versions may also be affected. SOLUTION: Host games in trusted networks only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/xmotorbof-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 15:07:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 00:07:21 +0200 Subject: [SEC] [SA39716] AzDGDatingMedium Multiple Vulnerabilities Message-ID: <201005072207.o47M7LnW029994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: AzDGDatingMedium Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39716 VERIFY ADVISORY: http://secunia.com/advisories/39716/ DESCRIPTION: Some vulnerabilities have been reported in AzDGDatingMedium, where one has unknown impacts while others can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to bad.php, ban.php, bedroom.php, birthday.php, mail.php, send.php, stat.php, links.php, and login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An unspecified error exists within photos.php. Further information is currently not available. SOLUTION: Update to version 1.9.5. PROVIDED AND/OR DISCOVERED BY: 1) Mohammed Boumediane, Vupen 2) Reported by the vendor ORIGINAL ADVISORY: AzDG: http://www.azdg.com/scripts/AzDGDatingMedium/docs/ChangeLog.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 15:20:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 00:20:33 +0200 Subject: [SEC] [SA39662] vBulletin BB Code Script Insertion Vulnerability Message-ID: <201005072220.o47MKXbU017788@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: vBulletin BB Code Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39662 VERIFY ADVISORY: http://secunia.com/advisories/39662/ DESCRIPTION: MaXe has reported a vulnerability in vBulletin, which can be exploited by malicious users to conduct script insertion attacks. The vulnerability exists in the parsing of BB Code when creating content that uses custom tags. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that "Custom BB Code" tags utilize HTML tags without quotation in e.g. "href" attribute of the "a" tag. The vulnerability is reported in version 3.8.4 PL2 and 4.0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Reportedly, the vulnerability will be fixed in version 4.0.4. PROVIDED AND/OR DISCOVERED BY: MaXe of InterN0T ORIGINAL ADVISORY: http://forum.intern0t.net/intern0t-advisories/2528-vbulletin-3-8-4-pl2-insecure-custom-bbcode.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 15:41:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 00:41:25 +0200 Subject: [SEC] [SA39720] GetSimple CMS "file" File Disclosure Vulnerability Message-ID: <201005072241.o47MfPT6005919@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GetSimple CMS "file" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA39720 VERIFY ADVISORY: http://secunia.com/advisories/39720/ DESCRIPTION: A vulnerability has been discovered in GetSimple CMS, which can be exploited by malicious users to disclose potentially sensitive information. Input passed to the "file" parameter in admin/download.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary local files. The vulnerability is confirmed in version 2.01. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Batch ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 15:53:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 00:53:29 +0200 Subject: [SEC] [SA39738] PCRE "compile_branch()" Buffer Overflow Vulnerability Message-ID: <201005072253.o47MrTKD026065@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PCRE "compile_branch()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA39738 VERIFY ADVISORY: http://secunia.com/advisories/39738/ DESCRIPTION: Michael Santos has discovered a vulnerability in PCRE, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerability is caused due to a boundary error within the "compile_branch()" function pcre_compile.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted regular expression. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 8.01. Prior versions may also be affected. SOLUTION: Update to version 8.02. PROVIDED AND/OR DISCOVERED BY: Michael Santos ORIGINAL ADVISORY: http://bugs.exim.org/show_bug.cgi?id=962 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 16:07:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 01:07:19 +0200 Subject: [SEC] [SA39737] Avaya Products Firefox Multiple Vulnerabilities Message-ID: <201005072307.o47N7JTX013882@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Avaya Products Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39737 VERIFY ADVISORY: http://secunia.com/advisories/39737/ DESCRIPTION: Avaya has acknowledged some vulnerabilities Firefox included in Avaya products, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, and potentially compromise a user's system. For more information: SA38566 SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: ASA-2010-125: https://support.avaya.com/css/P8/documents/100081759 OTHER REFERENCES: SA38566: http://secunia.com/advisories/38566/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 16:22:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 01:22:44 +0200 Subject: [SEC] [SA39724] Ubuntu update for texlive-bin Message-ID: <201005072322.o47NMil1001723@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for texlive-bin SECUNIA ADVISORY ID: SA39724 VERIFY ADVISORY: http://secunia.com/advisories/39724/ DESCRIPTION: Ubuntu has issued an update for texlive-bin. This fixes multiple vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) and compromise a user's system. For more information: SA34445 SA39390 SOLUTION: Apply updated packages. -- Ubuntu 8.04 LTS -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-2ubuntu0.1.diff.gz Size/MD5: 232440 57916604c614689a01685a191e88258e http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1-2ubuntu0.1.dsc Size/MD5: 1324 c99680c940f5ce0a8a637f923958b5e0 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.1.orig.tar.gz Size/MD5: 70262321 8c96d9dee6574a23f35982a60f75a8e9 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 157496 3a443c0f131af32761ef10a328aa33b5 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 114660 d512aa89320da7e075ff88696521d8d5 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 8602760 e04ed21100816cb8ce4dc3848cfbb38b http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 2647322 b39c2559fa087fd60a44b44a08230d4e http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 649320 3eaf463fcfd40368859f012bdae17008 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 996998 c51066459d553d1eaf1e9007e9d2ccda http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 6703196 92632c178473fa99243dece1a5d74666 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 6792992 911838b2a3c6f0b218902f1ff39a50c1 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 598294 4cff95b67706ac3a232886d501dd2eec http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 1715496 fac485d66754efb7e748d7f53a790995 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 2789356 455b37232463313ad5bbf714b074d086 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_amd64.deb Size/MD5: 6454074 559ef95a4a1a9ed3f3a9ffcd9a99c94c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 150322 3e37c5adef9280b413ad7b989a61e516 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 112434 ae90b53a790619fa4fc577fb1ed1ce87 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 8602774 23891dd633d999e49e44b08f8039d7d0 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 2383998 eb537ea2278c63a775319374f8087f15 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 573342 767840105483b1f79ee7bb48557bd3f5 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 961696 47331bf706c24204db28d401a508c568 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 6701628 3655d2cae86230bdee8e9aacb6f4d1f5 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 6793020 98f36babea9b2acdd5844678964ee425 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 561102 6a114628b024d0c91ac9ed4a87c06e69 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 1715506 4c128393a8a1727cd643147001ca3940 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 2669080 c005c81fecfaf5593ae934b2fbf01b7c http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_i386.deb Size/MD5: 6366524 65e43069198910abba054179cc631f30 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 150368 56df65d9c356de18d998943644e7cfca http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 112256 28ba175b7bd8845f80b419dcad183bc2 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 8602762 e1a47383a9a26768c3506e375bd0b7b6 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 2414550 54a4860933c6260481a5e1d0f55a1a2f http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 578348 c5ba4294373053e647a454887baec414 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 964394 9b9d8a643ab69f883617555f11eb0efe http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 6701594 e08701287186bae099e0e8c217b091cb http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 6792974 5e61f08e1b6aee8705f12a06e5effa2d http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 565580 1484ed100b6c35cff8440c023f88be79 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 1715520 1a92d33826216d4ed7dbeeddeff783e2 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 2682388 3f3a0b899f73c2e62203a17ae6c96d34 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_lpia.deb Size/MD5: 6387538 e55ab6b582618a560dc734d16d0ab578 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 159804 0b558b82f36793540fca99839c8feb0f http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 119658 ef3446c9ece96c8aa44ab93297637a0e http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 8602764 a1db480b79a602217ea89be5a93bd370 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 2660712 e8dfdc6959ff7bacb4f845a4a24f6f48 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 698106 36c371a5ff37a5de7cd427ea877a77c8 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 1017276 fdb2a9654a990795c8d3c57368fafe77 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 6704498 4709a0f302f5346a3d6ab5c3fbcc2082 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 6793068 28ae564353f52010ad92a7338d30ab06 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 604766 5600c51f97b0771d855e77cc700c8ba8 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 1715544 42d9701b7ae5b4b1ae321319d007da87 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 2777364 ce1b6c68fa568cc2f91087fe9f4ed5f5 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_powerpc.deb Size/MD5: 6574064 b62fe7def1df5581d2f4c4c89dc2990b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 155430 5f7a48c2c5c736030c3df948f1d0c362 http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 114680 709b660a1e0cbf3ba90a33c6fd4ae9a6 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 8602826 678335c487ebdcc9f5d7b4ae6eaa6989 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 2516432 fe8d7e4b51df322ec8b52e8dff6f352a http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 619554 3a81871a23af2c8853f224a07413bb47 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 985088 1e6bcd5a9a680c39717f5e9350769d62 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 6703370 cc8073eb404d5e90f0189479d601faed http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 6793070 4dd9b3a4103cd52b8b429467f90176d9 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 580058 94e31f98e5fbede1ee2880d28eea0c6f http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 1715528 7d97f730d78769c8b217e530020ab723 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 2739914 3c3bc39c03cb142937920cf9b0a1abff http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.1-2ubuntu0.1_sparc.deb Size/MD5: 6466140 e97ad23b5187f27548a90c9b0e579593 -- Ubuntu 9.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4ubuntu2.1.diff.gz Size/MD5: 359647 ce7d11c058bd0b30d450f4281623f580 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-4ubuntu2.1.dsc Size/MD5: 1815 3e997ed5b8f14b354bf9846219f0d0a2 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2.orig.tar.gz Size/MD5: 70727055 9b62b03b38f157b1ca9bfbd05d6c8bc7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 165462 c817fb7834cf85cb859931aca146e3cd http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 122884 223add751ec5b893ab499cc1464a4888 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 8610450 a05c656c36efb82967f1f9e351de3329 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 2628888 fea20d04f52deae0eea6fbb08dd9706c http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 683604 32214e7ecfb3668a82c583a3345dbf3a http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 1292308 37c669c3635066d40161fdcc74981619 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 6715016 f07f790ed5c6199252590d00c33001d7 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 6801110 e76f67e032106485253f72fbfdb27e2d http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 6420210 ef6acde6a45526a5b06c0d3a1d91f552 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 639724 34625c6efff225b6846035c315c00173 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 1723142 8ceff3c7256459df5146e9856bbe4d32 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_amd64.deb Size/MD5: 2804494 8c3cc43e5a886821314ee15f320bdc92 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 158696 6cbaee28329477e85d325b4214545422 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 120528 8ad1ef6ea506d14da2418c5908dace84 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 8610434 c67cbb7fe9950d2502d9c4869e7e2bec http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 2358188 48b81b354a9b153aa44994e61c8eeef8 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 602656 ab0e3e7585904e847905926de77e916e http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 1257916 bf8b83d35185c652fd408849d00e80dd http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 6713590 f910e4b330e046046fe617eba15753e0 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 6801202 bc4bb99b7f092bf225d9c1d580af11ee http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 6331334 a394cc5265c45034c159c13fd4cfa903 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 601138 ad3b552fdc809748f6f77fbd0eadf721 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 1723202 4c99b2415fc6aa4ff813ffd6b065321a http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_i386.deb Size/MD5: 2681266 e3643f3fae0aea8735159920b61409b4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 158538 3394295db6e6b2e624b1b8094285fc81 http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 120194 98f7d9213ab74efec2d0b0aca2f89217 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 8610432 2f85c50fe52afd0b08092e3453cf8ad1 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 2383522 0bf8158dd496feb21060e61a4219c01c http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 607334 0615e2d622882c0b75177b2d48ae8468 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 1258184 e8e43208babe597dc2a30f42a0837efa http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 6713338 624151e54f2d71aebf361512c4e08bb0 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 6801166 541c05d3830c65911ec941cbe4528fcb http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 6345048 ee44eca565f27dd958cbcf416471a541 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 604260 922572ebe9bd103e55f3cf5366a16b9f http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 1723164 90c80aabe55eebee6a63cad6e18bb5cf http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_lpia.deb Size/MD5: 2691874 135d72612887efab28fe228cf353d759 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 167846 c2169ce87edd90661f12b1ec7b15b2ae http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 127588 af7826c61138a00cb549fd59a22a0b36 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 8610442 ec732d26794f3cc951c652f9135e8622 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 2638622 6d217ff5c2a102dc7c67f1ede2fd9ea1 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 731882 2e9e52f438dca627348af8eb56c24bed http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 1311134 d565efc064aa1434e4e8504073261f9e http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 6716338 634cd359de98ff217de9d041c2750360 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 6801182 cc26651bd2934deec7c414993d9953fe http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 6516376 6223a1c13952a27f16156e69619985c9 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 646888 138369532005cdf4fb8dc77092f2675d http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 1723222 15692ba2f697b346b575318988a3a3eb http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_powerpc.deb Size/MD5: 2801028 db37ae73b09217bac67aa646e0eddcfc sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 162516 46d6aeeeb7f60c4fa62301ce6014794e http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 122296 0c31ba4660bf3370a4b22430e2cd02c1 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 8610424 4581c1e196deaba2ce3eb393962c15d4 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 2510782 13ce8627e986faae459e46fddeab4d73 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 655056 598254effdef393fbadc496403c80c74 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 1282340 d2d6536cab4823046ed2897dd7d87e1c http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 6715418 25246b96532482e88a2721e7c1d3d092 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 6801150 9a45197f73432a6d138dbe9d99baac25 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-xetex_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 6423334 74025318f610fc7bdd2a7846bd8dea4b http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 623424 a38c5e791237fb744e395f4e2f25c88e http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 1723168 fee6884712e6a17f49eb9cc420188129 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-4ubuntu2.1_sparc.deb Size/MD5: 2761884 af3d208b33668f96d3729a1ceb691407 -- Ubuntu 9.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-7ubuntu1.1.diff.gz Size/MD5: 370730 9e066108c7e5cf93566bd2ed967d39e2 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2-7ubuntu1.1.dsc Size/MD5: 1833 d03412d12872c44154681014b4d11149 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-bin_2007.dfsg.2.orig.tar.gz Size/MD5: 70727055 9b62b03b38f157b1ca9bfbd05d6c8bc7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 166956 7beb18240a1289e778e2ec6143bb9646 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 123954 4f23d93c385f2c7dabb1a17819274c0f http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 8611244 9ca303b561835bff9b44545e153a4254 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 2642970 5d920272d4441a8ddc7c94f1fb4ed9cd http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 688900 22677e66b377c4b7f8bfbccf6c1fd3f4 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 1294376 c29b1149f7a1bb9bd98e080bd892b3f1 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 6716782 b3467d6c0ad4b4d7ff3a9f89eabfbea4 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 6802130 66e264a87fa4938d921ff7b4fae86340 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 642528 b0acbc78377c0eea74f3be5777d0b8db http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 1724582 862ca8fdb69668bc1e7ea928935aa8ee http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 2820784 b9f834a83e123795380922e921b10a2d http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_amd64.deb Size/MD5: 6427404 5a202cd0a74c169d28d7b1aa3148c98e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 159870 18c3b66218a960c3c6b47efab46ac449 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 121558 5611c6ec2670890a4c687fff5d0650ea http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 8611212 99d0d42ac5afd0b274889b9044870f30 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 2367810 9d5c16f1bc7208af4465168dee23fa9f http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 605434 004837c3975cf7c3ca7243f865d95b28 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 1259760 29cdfcd16d5edf0615037b9ee542daaa http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 6715130 15b3dcf4c64b9df8b807094b96db5f99 http://security.ubuntu.com/ubuntu/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 6802102 16cd6032d7f45e89071bddb4e68f1469 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 604348 a76b3019dc8b62a6aa4bac64af76b798 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 1724588 082d700e3dfabfd766b069d940a36c1a http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 2689608 36a0589de9187ecedb5005da147f27f1 http://security.ubuntu.com/ubuntu/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_i386.deb Size/MD5: 6344260 7a0e09629e9b321efb53d26811130c4a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 160122 5282f8875c9282ad555082a1601dfe69 http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 121490 7d134d12cd865f3d7fca3d9c3a1f177a http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 8611222 e091d389a556cca704344bb20968421c http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 2396624 6a5fd16ae2cbf32be0d486747fb98840 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 613542 76562d6d7e532d389230be20631220fd http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 1261552 ff48bf063ceac134c105bbd8ce71ca57 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 6715096 a671997d9a583eea45932eec174a5626 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 6802070 3b6e991e99c7adff752c51ec38018818 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 607050 d374ff9bc32b7031044b219fa1a30f37 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 1724564 9cbc738ee795248deda534aa214465df http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 2700382 8443f051013aae76e719578593e71269 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_lpia.deb Size/MD5: 6364862 d0cd9ce5f585567d24730091ef6d565c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 168978 85932e4da91439d9dacfa15b1ff5682e http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 126782 03f317aa0dbdd25b9b0bb451056d40b6 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 8611240 f5ad329721ccc8e562a7765a3fd09801 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 2629582 1b2fa0a47fe6d9b3c0a6aff57bac390a http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 690706 a8d7dc6cd84f1e0f658f5bc5767ff310 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 1298892 8be54cb778f442972df790197e154a9a http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 6717706 2dff2dd873dddfec3cf1061b52e46462 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 6802168 ebea7d5953bea8b58d0923f298e111aa http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 642434 2aadc64b89f37a05565c5b223219e4ea http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 1724614 7d35dd8508af5fe54a3513b959a4274e http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 2811298 6cfb8b827a1652833aab098b25947599 http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_powerpc.deb Size/MD5: 6539956 d0ed00a6db36c6489fcd2937b0a3f452 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea-dev_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 164164 67aee948a311c661ee74089a3427199c http://ports.ubuntu.com/pool/main/t/texlive-bin/libkpathsea4_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 123424 0130484dd9f760ea8c2395824c472c59 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin-doc_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 8611262 0c0658b8cc2817837323a9feb0e36955 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-base-bin_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 2538114 ffb48cf196cfd29d53e855cf27432d3c http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-extra-utils_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 661460 98dc295912e1cf3638a21ad909f7d5e1 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-font-utils_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 1286810 42e759df9d13a617bebd35087525aeef http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-lang-indic_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 6717180 42303b589783218058fa4c0f59692ca0 http://ports.ubuntu.com/pool/main/t/texlive-bin/texlive-metapost-doc_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 6802166 2dabc0967441fa71986f600327080d6e http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-metapost_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 626820 92491a7eb12538f07c6afb27226b5c2e http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-music_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 1724548 b570f989ae99b4b9d380c1078628b5fe http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-omega_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 2796746 d723644351e8bc28efb8cd6aad4ab4ff http://ports.ubuntu.com/pool/universe/t/texlive-bin/texlive-xetex_2007.dfsg.2-7ubuntu1.1_sparc.deb Size/MD5: 6450038 2268c573218e176cb6fc7e7ca85f01a2 ORIGINAL ADVISORY: USN-937-1: http://www.ubuntu.com/usn/USN-937-1 OTHER REFERENCES: SA34445: http://secunia.com/advisories/34445/ SA39390: http://secunia.com/advisories/39390/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 16:41:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 01:41:39 +0200 Subject: [SEC] [SA39734] Avaya Products curl Excessive Data Length in Callback Function Message-ID: <201005072341.o47Nfdo8022231@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Avaya Products curl Excessive Data Length in Callback Function SECUNIA ADVISORY ID: SA39734 VERIFY ADVISORY: http://secunia.com/advisories/39734/ DESCRIPTION: Avaya has acknowledged a security issue in curl included in Avaya products, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA38427 SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: ASA-2010-126: http://support.avaya.com/css/P8/documents/100081819 OTHER REFERENCES: SA38427: http://secunia.com/advisories/38427/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 16:55:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 01:55:21 +0200 Subject: [SEC] [SA39725] Ubuntu update for dvipng Message-ID: <201005072355.o47NtLoS010043@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for dvipng SECUNIA ADVISORY ID: SA39725 VERIFY ADVISORY: http://secunia.com/advisories/39725/ DESCRIPTION: Ubuntu has issued an update for dvipng. This fixes some vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system. For more information: SA39648 SOLUTION: Apply updated packages. -- Ubuntu 9.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.diff.gz Size/MD5: 5637 dabdea489ab5eb30b69d29a32b25a8d3 http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1.dsc Size/MD5: 1359 639e1723ccc0ff923d3172d43bc62d41 http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_amd64.deb Size/MD5: 81990 37a793d70ba97eb31c2905b1ccc5022e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_i386.deb Size/MD5: 78506 49d6f36271ae60ef9de6d51c64758c12 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_lpia.deb Size/MD5: 78906 ed6c1393fbab607bc0a74823a771f438 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_powerpc.deb Size/MD5: 86220 048fecd5ab09ad94bc6478bcb32d6d8a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.04.1_sparc.deb Size/MD5: 80010 a4b43b1a6213ecc7355ab2956459c87b -- Ubuntu 9.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.diff.gz Size/MD5: 5641 3dafdf50218a6269ef6fddcc0a21e6f8 http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1.dsc Size/MD5: 1359 1023698785011a4d5ea940e4a88dbb50 http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11.orig.tar.gz Size/MD5: 167331 6afa95aec70e4c5934268cff0443f89c amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_amd64.deb Size/MD5: 82752 e6bcc7f9620e5e41db0358fb83b5aa0a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_i386.deb Size/MD5: 77646 0f0464056a785b77388bec0f4b6999ef lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_lpia.deb Size/MD5: 77802 3953c9bc7c276e9e9796f9beaa6c809a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_powerpc.deb Size/MD5: 85848 1ad664271069cfc80ddfea5d79f54910 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.11-1ubuntu0.9.10.1_sparc.deb Size/MD5: 82060 e7d8269582cd2e0e0616a84199cc5f62 -- Ubuntu 10.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.diff.gz Size/MD5: 5701 a4a8c25123f44e6f975775b651a851ad http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1.dsc Size/MD5: 1285 3fad39f6fd7c4354e2197a28d799222c http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12.orig.tar.gz Size/MD5: 168196 0925fb516cdf6b2207138781a4b3076e amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_amd64.deb Size/MD5: 90440 21750b0a43906006e18fb0a57cbb861b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_i386.deb Size/MD5: 85282 b229656ab335dc77d682b195e3021e06 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_powerpc.deb Size/MD5: 93626 c5d5b932dddb9b78c90c87478c14878c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/d/dvipng/dvipng_1.12-3ubuntu0.1_sparc.deb Size/MD5: 91402 fc79245fa0cbc7719c7dd9b28776af09 ORIGINAL ADVISORY: USN-936-1: http://www.ubuntu.com/usn/USN-936-1 OTHER REFERENCES: SA39648: http://secunia.com/advisories/39648/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 17:07:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 02:07:33 +0200 Subject: [SEC] [SA39749] Red Hat update for tetex Message-ID: <201005080007.o4807XaB030185@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for tetex SECUNIA ADVISORY ID: SA39749 VERIFY ADVISORY: http://secunia.com/advisories/39749/ DESCRIPTION: Red Hat has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA34291 SA37053 SA39390 SA39648 SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: RHSA-2010-0400: https://rhn.redhat.com/errata/RHSA-2010-0400.html OTHER REFERENCES: SA34291: http://secunia.com/advisories/34291/ SA37053: http://secunia.com/advisories/37053/ SA39390: http://secunia.com/advisories/39390/ SA39648: http://secunia.com/advisories/39648/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 17:22:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 02:22:00 +0200 Subject: [SEC] [SA39719] AV Arcade Pro "q" Cross-Site Scripting Vulnerability Message-ID: <201005080022.o480M0go018032@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: AV Arcade Pro "q" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39719 VERIFY ADVISORY: http://secunia.com/advisories/39719/ DESCRIPTION: A vulnerability has been reported in AV Arcade Pro, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the parameter "q" to index.php (if "task" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Vadim Toptunov ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/12519 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 17:42:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 02:42:40 +0200 Subject: [SEC] [SA39750] Red Hat update for tetex Message-ID: <201005080042.o480ge73006174@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for tetex SECUNIA ADVISORY ID: SA39750 VERIFY ADVISORY: http://secunia.com/advisories/39750/ DESCRIPTION: Red Hat has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA27672 SA34291 SA37053 SA39390 SA39648 SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: RHSA-2010-0399: https://rhn.redhat.com/errata/RHSA-2010-0399.html OTHER REFERENCES: SA27672: http://secunia.com/advisories/27672/ SA34291: http://secunia.com/advisories/34291/ SA37053: http://secunia.com/advisories/37053/ SA39390: http://secunia.com/advisories/39390/ SA39648: http://secunia.com/advisories/39648/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 17:54:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 02:54:53 +0200 Subject: [SEC] [SA39641] Fedora update for sahana Message-ID: <201005080054.o480sran026321@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for sahana SECUNIA ADVISORY ID: SA39641 VERIFY ADVISORY: http://secunia.com/advisories/39641/ DESCRIPTION: Fedora has issued an update for sahana. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA39020 SOLUTION: Apply updated packages via the yum utility ("yum update sahana"). ORIGINAL ADVISORY: FEDORA-2010-6379: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040962.html OTHER REFERENCES: SA39020: http://secunia.com/advisories/39020/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 18:07:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 03:07:33 +0200 Subject: [SEC] [SA39726] Debian update for iscsitarget Message-ID: <201005080107.o4817X1o014089@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for iscsitarget SECUNIA ADVISORY ID: SA39726 VERIFY ADVISORY: http://secunia.com/advisories/39726/ DESCRIPTION: Debian has issued an update for iscsitarget. This fixes multiple vulnerabilities which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA39142 SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 -- Source: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.dsc http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162.orig.tar.gz http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1.diff.gz Architecture-independent component: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget-source_0.4.16+svn162-3.1+lenny1_all.deb Alpha: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_alpha.deb AMD64: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_amd64.deb ARM: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_arm.deb ARM EABI: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_armel.deb HP Precision: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_hppa.deb Intel IA-32: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_i386.deb Intel IA-64: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_ia64.deb Big-endian MIPS: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_mips.deb Little-endian MIPS: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_mipsel.deb PowerPC: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_powerpc.deb IBM S/390: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_s390.deb Sun Sparc: http://security.debian.org/pool/updates/main/i/iscsitarget/iscsitarget_0.4.16+svn162-3.1+lenny1_sparc.deb ORIGINAL ADVISORY: DSA-2042-1: http://www.debian.org/security/2010/dsa-2042 OTHER REFERENCES: SA39142: http://secunia.com/advisories/39142/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 18:21:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 03:21:45 +0200 Subject: [SEC] [SA39657] Red Hat update for tetex Message-ID: <201005080121.o481LjRD001877@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for tetex SECUNIA ADVISORY ID: SA39657 VERIFY ADVISORY: http://secunia.com/advisories/39657/ DESCRIPTION: Red Hat has issued an update for tetex. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA27672 SA37053 SA39390 SA39648 SOLUTION: Updated packages are available via Red Hat Network. http://rhn.redhat.com ORIGINAL ADVISORY: RHSA-2010-0401: https://rhn.redhat.com/errata/RHSA-2010-0401.html OTHER REFERENCES: SA27672: http://secunia.com/advisories/27627/ SA37053: http://secunia.com/advisories/37053/ SA39390: http://secunia.com/advisories/39390/ SA39648: http://secunia.com/advisories/39648/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 18:42:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 03:42:30 +0200 Subject: [SEC] [SA39727] VMware View Cross-Site Scripting Vulnerability Message-ID: <201005080142.o481gUjQ022454@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: VMware View Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39727 VERIFY ADVISORY: http://secunia.com/advisories/39727/ DESCRIPTION: A vulnerability has been reported in VMware View, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to the View Manager is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in VMware View prior to version 3.1.3 build 252693. SOLUTION: Update to version 3.1.3 build 252693. PROVIDED AND/OR DISCOVERED BY: The vendor credits Alexey Sintsov, Digital Security Research Group ORIGINAL ADVISORY: http://www.vmware.com/security/advisories/VMSA-2010-0008.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 18:54:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 03:54:54 +0200 Subject: [SEC] [SA39722] HP Mercury LoadRunner Agent Command Execution Vulnerability Message-ID: <201005080154.o481ssm1010223@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Mercury LoadRunner Agent Command Execution Vulnerability SECUNIA ADVISORY ID: SA39722 VERIFY ADVISORY: http://secunia.com/advisories/39722/ DESCRIPTION: A vulnerability has been reported in HP Mercury LoadRunner Agent, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error in magentproc.exe, which can be exploited to execute local commands with SYSTEM privileges by sending a specially crafted packet to port 54345/TCP. The vulnerability is reported in HP LoadRunner Agent running on Windows, supplied with LoadRunner prior to v9.50. SOLUTION: Update to version 9.50 and enable the "Secure Channel" feature. PROVIDED AND/OR DISCOVERED BY: Tenable Network Security, reported via ZDI. ORIGINAL ADVISORY: HP (HPSBMA02201 SSRT071328): https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912968 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-080/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 19:09:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 04:09:48 +0200 Subject: [SEC] [SA39742] SUSE update for kernel Message-ID: <201005080209.o4829mq9030964@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA39742 VERIFY ADVISORY: http://secunia.com/advisories/39742/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service). For more information: SA35265 SA37590 SA38317 SA38601 SA39178 SOLUTION: Apply updated packages. SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T http://download.novell.com/patch/finder/?keywords=37bb490b2d9ca27c1027e09c0453381c SUSE Linux Enterprise Server 10 SP2 http://download.novell.com/patch/finder/?keywords=37bb490b2d9ca27c1027e09c0453381c http://download.novell.com/patch/finder/?keywords=080b3adeb2675c55f2a71c2e68f85e07 http://download.novell.com/patch/finder/?keywords=ef2b9d5d6bc17682fa94fd4898564773 http://download.novell.com/patch/finder/?keywords=e7da2abdeaf19e694fa26d810aaab118 http://download.novell.com/patch/finder/?keywords=43e02dcbe650533bbc5c4aeb6300f0d0 SLE SDK 10 SP2 http://download.novell.com/patch/finder/?keywords=37bb490b2d9ca27c1027e09c0453381c http://download.novell.com/patch/finder/?keywords=ef2b9d5d6bc17682fa94fd4898564773 http://download.novell.com/patch/finder/?keywords=e7da2abdeaf19e694fa26d810aaab118 http://download.novell.com/patch/finder/?keywords=43e02dcbe650533bbc5c4aeb6300f0d0 SUSE Linux Enterprise Desktop 10 SP2 http://download.novell.com/patch/finder/?keywords=37bb490b2d9ca27c1027e09c0453381c http://download.novell.com/patch/finder/?keywords=43e02dcbe650533bbc5c4aeb6300f0d0 SUSE Linux Enterprise Desktop 10 SP2 for x86 http://download.novell.com/patch/finder/?keywords=43e02dcbe650533bbc5c4aeb6300f0d0 ORIGINAL ADVISORY: SUSE-SA:2010:023: http://www.novell.com/linux/security/advisories/2010_23_kernel.html OTHER REFERENCES: SA35265: http://secunia.com/advisories/35265/ SA37590: http://secunia.com/advisories/37590/ SA38317: http://secunia.com/advisories/38317/ SA38601: http://secunia.com/advisories/38601/ SA39178: http://secunia.com/advisories/39178/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 19:21:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 04:21:37 +0200 Subject: [SEC] [SA39648] Tex Live dvipng Array Indexing Vulnerabilities Message-ID: <201005080221.o482LbmL018701@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Tex Live dvipng Array Indexing Vulnerabilities SECUNIA ADVISORY ID: SA39648 VERIFY ADVISORY: http://secunia.com/advisories/39648/ DESCRIPTION: Some vulnerabilities have been reported in Tex Live, which can potentially be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to array indexing errors within the dvipng utility, which can be exploited to cause a memory corruption by e.g. tricking a user into processing specially crafted dvi files using the utility. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: Ubuntu bug #537638: https://bugs.launchpad.net/ubuntu/+source/dvipng/+bug/537638 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 19:42:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 04:42:47 +0200 Subject: [SEC] [SA39721] Baofeng Storm Playlist Processing Buffer Overflow Vulnerability Message-ID: <201005080242.o482glj1006855@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Baofeng Storm Playlist Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA39721 VERIFY ADVISORY: http://secunia.com/advisories/39721/ DESCRIPTION: A vulnerability has been discovered in Baofeng Storm, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in MediaLib.dll when processing playlist files. This can be exploited to cause a stack-based buffer overflow via e.g. an M3U file containing an overly long entry. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.10.04.16. Other versions prior to 3.10.04.29 may also be affected. SOLUTION: Update to version 3.10.04.29. PROVIDED AND/OR DISCOVERED BY: Qingshan Li and Lufeng Li of Neusoft Corporation ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 19:54:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 04:54:42 +0200 Subject: [SEC] [SA39751] Consona SdcUser.TgConCtl ActiveX Control Multiple Vulnerabilities Message-ID: <201005080254.o482sguV026992@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Consona SdcUser.TgConCtl ActiveX Control Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39751 VERIFY ADVISORY: http://secunia.com/advisories/39751/ DESCRIPTION: Some vulnerabilities have been reported in the Consona SdcUser.TgConCtl ActiveX control, which potentially can be exploited by malicious people to compromise a user's system. 1) The SdcUser.TgConCtl ActiveX control (tgctlcm.dll) provides certain dangerous methods (e.g. "RunCmd()", "Install()", and "HTTPDownloadFile()". 2) A buffer overflow exists within the "RunCmd()" method of the SdcUser.TgConCtl ActiveX control. Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires that the attacker e.g. conducts DNS poisoning or cross-site scripting attacks as the ActiveX control is site-locked and can only be scripted from a trusted domain. SOLUTION: Set the kill-bit for the affected ActiveX control. CLSID: {01113300-3E00-11D2-8470-0060089874ED} PROVIDED AND/OR DISCOVERED BY: Rub?n Santamarta ORIGINAL ADVISORY: Wintercore: http://www.wintercore.com/downloads/rootedcon_0day.pdf Consona: http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf OTHER REFERENCES: US-CERT VU#602801: http://www.kb.cert.org/vuls/id/602801 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 20:07:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 05:07:33 +0200 Subject: [SEC] [SA39698] PmWiki "width" Script Insertion Vulnerability Message-ID: <201005080307.o4837XuN014771@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PmWiki "width" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39698 VERIFY ADVISORY: http://secunia.com/advisories/39698/ DESCRIPTION: Hanno Boeck has discovered a vulnerability in PmWiki, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "width" markup while creating a table is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 2.2.15. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Hanno Boeck ORIGINAL ADVISORY: http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 7 20:21:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 8 May 2010 05:21:38 +0200 Subject: [SEC] [SA39670] Apple Safari "parent.close()" Code Execution Vulnerability Message-ID: <201005080321.o483LcRT002568@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apple Safari "parent.close()" Code Execution Vulnerability SECUNIA ADVISORY ID: SA39670 VERIFY ADVISORY: http://secunia.com/advisories/39670/ DESCRIPTION: A vulnerability has been discovered in Apple Safari, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user e.g. visits a specially crafted web page and closes opened pop-up windows. The vulnerability is confirmed in Safari version 4.0.5 for Windows. Other versions may also be affected. SOLUTION: Do not visit untrusted web sites or follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Krystian Kloskowski (h07) ORIGINAL ADVISORY: http://h07.w.interia.pl/Safari.rar ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 10:26:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 10 May 2010 19:26:54 +0200 Subject: [SEC] [SA39769] Aliens vs. Predator Denial of Service Vulnerabilities Message-ID: <201005101726.o4AHQsdE027958@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Aliens vs. Predator Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA39769 VERIFY ADVISORY: http://secunia.com/advisories/39769/ DESCRIPTION: Luigi Auriemma has reported some vulnerabilities in Aliens vs. Predator, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when processing 0x66 packets can be exploited to trigger a read from out-of-bounds memory and crash an affected server. 2) An error when processing 0x66 packets can be exploited to request the allocation of an overly large buffer and terminate an affected server. 3) An error when processing 0x66 packets having an insufficient size can be exploited to trigger a NULL-pointer dereference and crash an affected server. 4) An error when processing 0x0C packets having an insufficient size can be exploited to trigger a NULL-pointer dereference and crash an affected server. 5) An error when processing 0x0C packets can be exploited to trigger a read from out-of-bounds memory and crash an affected server. SOLUTION: Host games in trusted networks only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/avp3dos-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 11:26:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 10 May 2010 20:26:48 +0200 Subject: [SEC] [SA39696] HiWeb Wiesbaden Shop - Lizenzsystem - Downloadsystem "id" SQL Injection Message-ID: <201005101826.o4AIQm6q017883@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HiWeb Wiesbaden Shop - Lizenzsystem - Downloadsystem "id" SQL Injection SECUNIA ADVISORY ID: SA39696 VERIFY ADVISORY: http://secunia.com/advisories/39696/ DESCRIPTION: A vulnerability has been reported in Shop - Lizenzsystem - Downloadsystem, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter index.php (when "site" is set to "content") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 12:26:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 10 May 2010 21:26:35 +0200 Subject: [SA39758] HiWeb Wiesbaden Rückwärts Auktionshaus Products "id" SQL Injection Message-ID: <201005101926.o4AJQZKr007824@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HiWeb Wiesbaden R?ckw?rts Auktionshaus Products "id" SQL Injection SECUNIA ADVISORY ID: SA39758 VERIFY ADVISORY: http://secunia.com/advisories/39758/ DESCRIPTION: A vulnerability has been reported in R?ckw?rts Auktionshaus Community Premium System and Countdown Standart R?ckw?rts Auktions System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter in cafe.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 13:26:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 10 May 2010 22:26:40 +0200 Subject: [SEC] [SA39718] HiWeb Wiesbaden Live Shopping Multi Portal System "artikel" SQL Injection Message-ID: <201005102026.o4AKQe5I030144@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HiWeb Wiesbaden Live Shopping Multi Portal System "artikel" SQL Injection SECUNIA ADVISORY ID: SA39718 VERIFY ADVISORY: http://secunia.com/advisories/39718/ DESCRIPTION: A vulnerability has been reported in Live Shopping Multi Portal System, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "artikel" parameter in index.php (e.g. when "seite" is set to "2") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 14:20:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 10 May 2010 23:20:38 +0200 Subject: [SEC] [SA39785] 3Com H3C Products SSH Server Denial of Service Vulnerability Message-ID: <201005102120.o4ALKcAL019915@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: 3Com H3C Products SSH Server Denial of Service Vulnerability SECUNIA ADVISORY ID: SA39785 VERIFY ADVISORY: http://secunia.com/advisories/39785/ DESCRIPTION: A vulnerability has been reported in 3Com H3C products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error and can be exploited to cause an affected device to reboot by sending specially crafted SSH packets to it. Successful exploitation requires that the device is configured as SSH server. SOLUTION: Update to the latest versions. H3C S3100-52P: Update to Comware 3.10 Release 1702P13. 3Com Switch 4500: Update to version 3.03.02p09 3Com Switch 4200: Update to version 3.2.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: 3Com H3C (LSOD09619): http://support.3com.com/documents/H3C/switches/3100/H3C_S3100-52P_CMW3.10.R1702P13_Release_Notes.pdf http://support.3com.com/documents/switches/4500/Switch_4500_V3.03.02p09_Release_Notes.pdf 3Com H3C (LSOD09646) http://support.3com.com/documents/switches/4200G/Switch_4200G_V3.02.04_Release_Notes.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 14:41:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 10 May 2010 23:41:35 +0200 Subject: [SEC] [SA39736] ESET Smart Security / NOD32 Antivirus LZH Processing Denial of Service Message-ID: <201005102141.o4ALfZrm008094@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ESET Smart Security / NOD32 Antivirus LZH Processing Denial of Service SECUNIA ADVISORY ID: SA39736 VERIFY ADVISORY: http://secunia.com/advisories/39736/ DESCRIPTION: Oleksiuk Dmitry has discovered a vulnerability in ESET Smart Security and ESET NOD32 Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing LZH archives. This can be exploited to hang an affected system when a specially crafted LZH archive is scanned. The vulnerability is confirmed in ESET Smart Security version 4.2.40.0 and ESET NOD32 Antivirus version 4.2.42.0. Other versions may also be affected. SOLUTION: Do not scan LZH archives using the application. Restrict local access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Oleksiuk Dmitry ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0104.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 14:53:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 10 May 2010 23:53:39 +0200 Subject: [SEC] [SA39728] eFront "chatrooms_ID" SQL Injection Vulnerability Message-ID: <201005102153.o4ALrd55028259@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: eFront "chatrooms_ID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA39728 VERIFY ADVISORY: http://secunia.com/advisories/39728/ DESCRIPTION: Stefan Esser has discovered a vulnerability in eFront, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "chatrooms_ID" parameter to ask_chat.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 3.6.2 build 6550. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: MOPS-2010-018: http://php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 15:07:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 00:07:03 +0200 Subject: [SEC] [SA39761] HiWeb Wiesbaden Web 2.0 Social Network Freunde Community System "id" SQL Injection Message-ID: <201005102207.o4AM73SG016101@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HiWeb Wiesbaden Web 2.0 Social Network Freunde Community System "id" SQL Injection SECUNIA ADVISORY ID: SA39761 VERIFY ADVISORY: http://secunia.com/advisories/39761/ DESCRIPTION: A vulnerability has been reported in Web 2.0 Social Network Freunde Community System, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "id" parameter in user.php (when "toDo" is set to "showgallery") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 15:20:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 00:20:42 +0200 Subject: [SEC] [SA39780] Zolsoft Office Server Cross-Site Request Forgery Vulnerability Message-ID: <201005102220.o4AMKgUH003943@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Zolsoft Office Server Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA39780 VERIFY ADVISORY: http://secunia.com/advisories/39780/ DESCRIPTION: John Leitch has discovered a vulnerability in Zolsoft Office Server, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change a users password by tricking a logged in user into visiting a malicious web site. The vulnerability is confirmed in Free Edition 2010.0502. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://cross-site-scripting.blogspot.com/2010/05/zolsoft-office-server-free-edition.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 15:41:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 00:41:34 +0200 Subject: [SEC] [SA39743] rPath update for openssl Message-ID: <201005102241.o4AMfYxY024523@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: rPath update for openssl SECUNIA ADVISORY ID: SA39743 VERIFY ADVISORY: http://secunia.com/advisories/39743/ DESCRIPTION: rPath has issued an update for openssl. This fixes multiple vulnerabilities, where one has unknown impacts and the others can be exploited by malicious people to manipulate certain data and cause a DoS (Denial of Service). For more information: SA37291 SA38807 SOLUTION: Update to the latest version. openssl=conary.rpath.com at rpl:1/0.9.7f-10.18-1 openssl-scripts=conary.rpath.com at rpl:1/0.9.7f-10.13-1 ORIGINAL ADVISORY: rPSA-2010-0036: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0036 OTHER REFERENCES: SA37291: http://secunia.com/advisories/37291/ SA38807: http://secunia.com/advisories/38807/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 15:53:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 00:53:35 +0200 Subject: [SEC] [SA39746] GNUStep Base "gdomap" Integer Overflow and Information Disclosure Message-ID: <201005102253.o4AMrZW4012290@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GNUStep Base "gdomap" Integer Overflow and Information Disclosure SECUNIA ADVISORY ID: SA39746 VERIFY ADVISORY: http://secunia.com/advisories/39746/ DESCRIPTION: Two vulnerabilities have been reported in GNUStep Base, which can be exploited by malicious, local users to potentially gain escalated privileges or disclose sensitive information. 1) The "gdomap" application includes the content of files in error messages when parsing a configuration file specified via the "-c" command line option. This can be exploited to disclose sensitive information by passing an arbitrary file as configuration file to the application. 2) An integer overflow error exists in the "gdomap" application when parsing configuration files. This can be exploited to cause a heap-based buffer overflow when a specially crafted configuration file containing a large number lines is being processed. Successful exploitation of the vulnerabilities requires that the "gdomap" binary has the "setuid" bit set and is owned by e.g. root. SOLUTION: Update to version 1.20.0. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: Dan Rosenberg: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336 http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 16:06:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 01:06:47 +0200 Subject: [SEC] [SA39744] rPath update for kernel Message-ID: <201005102306.o4AN6lZW032512@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: rPath update for kernel SECUNIA ADVISORY ID: SA39744 VERIFY ADVISORY: http://secunia.com/advisories/39744/ DESCRIPTION: rPath has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA38594 SOLUTION: Update to the latest version. kernel=rap-emc.rpath.com at rpath:emc-production-1/2.6.29.6-9-1 kernel=rap.rpath.com at rpath:linux-1/2.6.29.6-9-1 ORIGINAL ADVISORY: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0037 OTHER REFERENCES: SA38594: http://secunia.com/advisories/38594/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 16:20:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 01:20:34 +0200 Subject: [SEC] [SA39692] Dolphin ELF Processing Memory Corruption Vulnerability Message-ID: <201005102320.o4ANKYFD020364@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Dolphin ELF Processing Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA39692 VERIFY ADVISORY: http://secunia.com/advisories/39692/ DESCRIPTION: A vulnerability has been discovered in Dolphin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error when attempting to change the byte order of values read from the header of an ELF file. This can be exploited to corrupt arbitrary memory by tricking a user into opening an ELF file having e.g. an overly large "e_phoff" header field. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 2.0. Other versions may also be affected. SOLUTION: Do not open untrusted ELF files. PROVIDED AND/OR DISCOVERED BY: Reported as a crash by Pr0T3cT10n. Additional information provided by Secunia Research. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon May 10 16:41:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 01:41:31 +0200 Subject: [SEC] [SA39739] rPath update for ntp Message-ID: <201005102341.o4ANfVM0008544@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: rPath update for ntp SECUNIA ADVISORY ID: SA39739 VERIFY ADVISORY: http://secunia.com/advisories/39739/ DESCRIPTION: rPath has issued an update for ntp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA37629 SOLUTION: Update to the latest version. ntp=conary.rpath.com at rpl:1/4.2.4p8-0.2-1 ORIGINAL ADVISORY: rPSA-2010-0034: http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0034 OTHER REFERENCES: SA37629: http://secunia.com/advisories/37629/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 10:26:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 19:26:35 +0200 Subject: [SEC] [SA39781] IBM HTTP Server Multiple Vulnerabilities Message-ID: <201005111726.o4BHQZWx011840@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM HTTP Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39781 VERIFY ADVISORY: http://secunia.com/advisories/39781/ DESCRIPTION: IBM has acknowledged multiple vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to manipulate certain data, conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or to potentially compromise a vulnerable system. For more information: SA30621 SA31384 SA35284 SA35781 SA36226 SA36549 SA36675 SA37291 SA38776 SOLUTION: Apply cumulative fix PM10658. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg1PM10658 OTHER REFERENCES: SA30621: http://secunia.com/advisories/30621/ SA31384: http://secunia.com/advisories/31384/ SA35284: http://secunia.com/advisories/35284/ SA35781: http://secunia.com/advisories/35781/ SA36226: http://secunia.com/advisories/36226/ SA36549: http://secunia.com/advisories/36549/ SA36675: http://secunia.com/advisories/36675/ SA37291: http://secunia.com/advisories/37291/ SA38776: http://secunia.com/advisories/38776/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 11:27:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 20:27:17 +0200 Subject: [SEC] [SA39782] Xinha Configuration Variable Overwrite Vulnerabilities Message-ID: <201005111827.o4BIRHOj001759@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Xinha Configuration Variable Overwrite Vulnerabilities SECUNIA ADVISORY ID: SA39782 VERIFY ADVISORY: http://secunia.com/advisories/39782/ DESCRIPTION: Stefan Esser has discovered some vulnerabilities in Xinha, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to errors in the processing of configuration variables e.g. within config.inc.php for the "ImageManager" and the "ExtendedFileManager" plugins. These can be exploited to overwrite certain configuration variables and e.g. upload and execute arbitrary PHP code to an affected system. The vulnerabilities are confirmed in version 0.95. Other versions may also be affected. SOLUTION: Restrict network access to the application to trusted users (e.g. via an .htaccess file). PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: http://php-security.org/2010/05/10/mops-2010-020-xinha-wysiwyg-plugin-configuration-injection-vulnerability/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 12:26:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 21:26:49 +0200 Subject: [SEC] [SA39663] Visual Basic for Applications Single-Byte Stack Overwrite Vulnerability Message-ID: <201005111926.o4BJQnH9024143@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Visual Basic for Applications Single-Byte Stack Overwrite Vulnerability SECUNIA ADVISORY ID: SA39663 VERIFY ADVISORY: http://secunia.com/advisories/39663/ DESCRIPTION: A vulnerability has been reported in Microsoft Visual Basic for Applications (VBA), which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in VBE6.dll within some text parsing code when searching for ActiveX controls in documents supporting VBA (e.g. an Office document). This can be exploited to convert a single byte with the value 0x2E outside the bounds of a buffer to 0x00 via a specially crafted document with embedded ActiveX controls passed to the VBA runtime. SOLUTION: Apply patches. Microsoft Office XP SP3: http://www.microsoft.com/downloads/details.aspx?familyid=72c23b0f-4e24-4334-bc8a-334adc8bc42b Microsoft Office 2003 SP3: http://www.microsoft.com/downloads/details.aspx?familyid=f8eac9bc-8389-4ac8-8b29-9a8180d9fd34 2007 Microsoft Office System SP1/SP2: http://www.microsoft.com/downloads/details.aspx?familyid=160ad53e-6475-4550-90c2-444e4abea730 Microsoft Visual Basic for Applications: http://www.microsoft.com/downloads/details.aspx?familyid=436a8a66-352e-44d1-a610-c825083ad24a Microsoft Visual Basic for Applications SDK: An updated version is available for independent software vendors from the Summit Software Company. PROVIDED AND/OR DISCOVERED BY: The vendor credits NSFocus Security Team. ORIGINAL ADVISORY: MS10-031 (KB974945, KB976321, KB976380, KB976382, KB978213): http://www.microsoft.com/technet/security/bulletin/ms10-031.mspx OTHER REFERENCES: VBE6 Single-Byte Stack Overwrite (blog): http://blogs.technet.com/srd/archive/2010/05/11/ms10-031-vbe6-single-byte-stack-overwrite.aspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 13:26:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 22:26:49 +0200 Subject: [SEC] [SA39766] Outlook Express / Windows Mail STAT Response Integer Overflow Message-ID: <201005112026.o4BKQnNX014078@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Outlook Express / Windows Mail STAT Response Integer Overflow SECUNIA ADVISORY ID: SA39766 VERIFY ADVISORY: http://secunia.com/advisories/39766/ DESCRIPTION: Francis Provencher has discovered a vulnerability in Microsoft Outlook Express and Windows Mail, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an integer overflow when processing responses received from a POP3 server. This can be exploited to dereference out-of-bounds memory and potentially trigger a memory corruption via a specially crafted STAT response. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into connecting to a malicious POP3 server. The vulnerability is confirmed in Outlook Express on a fully patched Windows 2000, Windows XP SP3, and Windows Server 2003, and in Windows Mail on a fully patched Windows Server 2008. Windows Mail in Windows Vista is also reportedly affected. SOLUTION: Apply patches. -- Windows 2000 SP4 -- Microsoft Outlook Express 5.5 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=661F5DE3-A593-4961-8E8D-2777797EB5C5 Microsoft Outlook Express 6 SP1 http://www.microsoft.com/downloads/details.aspx?familyid=CDA75174-B535-4559-A52D-B5EC3A1DF349 -- Windows XP SP2/SP3 -- Microsoft Outlook Express 6: http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=99707C3D-A3CB-47DA-B38E-8AE0227FD703 -- Windows XP Professional x64 Edition SP2 -- Microsoft Outlook Express 6: http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=44BC97BB-6F76-4C96-AF72-69DAAEA80FFF -- Windows Server 2003 SP2 -- Microsoft Outlook Express 6 http://www.microsoft.com/downloads/details.aspx?familyid=EB9742FC-0934-4B38-9EC4-3597FC71EC00 -- Windows Server 2003 x64 Edition SP2 -- Microsoft Outlook Express 6: http://www.microsoft.com/downloads/details.aspx?familyid=5678515A-97EA-4E00-8700-D3F2FCDC0EFC -- Windows Server 2003 with SP2 for Itanium-based Systems -- Microsoft Outlook Express 6: http://www.microsoft.com/downloads/details.aspx?familyid=60EF635B-CB6D-402F-B904-E69B519D797F -- Windows Vista SP1/SP2 -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=A970C869-24FE-4EF4-B189-7A6BAC2411F1 -- Windows Vista x64 Edition SP1/SP2 -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=9A7853B5-4F9F-4467-9530-EEA2EFD504A5 -- Windows Server 2008 for 32-bit Systems (optionally with SP2) -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=5F77A640-247C-4ED2-9FCA-4B7344F4DC7C -- Windows Server 2008 for x64-based Systems (optionally with SP2) -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=B0EAB011-5847-44E4-BC0D-5C5355E1E8D0 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=B0EAB011-5847-44E4-BC0D-5C5355E1E8D0 -- Windows Server 2008 for Itanium-based Systems (optionally with SP2) -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=DA01AE82-895E-4739-916F-A63B9095A076 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=DA01AE82-895E-4739-916F-A63B9095A076 -- Windows 7 for 32-bit Systems -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=1F0C17BE-BA4C-4A1C-B9C3-8AC368800947 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=1F0C17BE-BA4C-4A1C-B9C3-8AC368800947 -- Windows 7 for x64-based Systems -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=A70F15E1-512C-44CA-A308-928E237AC0CE Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=A70F15E1-512C-44CA-A308-928E237AC0CE -- Windows Server 2008 R2 for x64-based Systems -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=E2E25C02-38CE-4868-A01A-39FC7D2A4150 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=E2E25C02-38CE-4868-A01A-39FC7D2A4150 -- Windows Server 2008 R2 for Itanium-based Systems -- Windows Mail: http://www.microsoft.com/downloads/details.aspx?familyid=53ED1055-B5EE-4FDE-9550-F8B401916467 Windows Live Mail: http://www.microsoft.com/downloads/details.aspx?familyid=53ED1055-B5EE-4FDE-9550-F8B401916467 PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's. CHANGELOG: 2010-05-11: Updated "Extended Description" and added PoC. Updated "Solution" section. Added additional information provided by Microsoft. ORIGINAL ADVISORY: MS10-030 (KB978542): http://www.microsoft.com/technet/security/bulletin/ms10-030.mspx Francis Provencher: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=13&Itemid=13 OTHER REFERENCES: Malicious Mail server vulnerability (blog): http://blogs.technet.com/srd/archive/2010/05/11/ms10-030-malicious-mail-server-vulnerability.aspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 14:20:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 23:20:42 +0200 Subject: [SEC] [SA39772] DynamiXgate Affiliate Store Builder Cross-Site Request Forgery Vulnerability Message-ID: <201005112120.o4BLKg9D003851@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: DynamiXgate Affiliate Store Builder Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA39772 VERIFY ADVISORY: http://secunia.com/advisories/39772/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in Affiliate Store Builder, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add new pages or modify page content by tricking an administrator into visiting a malicious web site. NOTE: This may further be used to conduct script insertion attacks. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_in_dynamixgate.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 14:42:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 23:42:11 +0200 Subject: [SEC] [SA39789] Debian update for vlc Message-ID: <201005112142.o4BLgBBe024458@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for vlc SECUNIA ADVISORY ID: SA39789 VERIFY ADVISORY: http://secunia.com/advisories/39789/ DESCRIPTION: Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA36037 SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 alias lenny -- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3.dsc Size/MD5 checksum: 3082 6d0733f7509888eb5794b8472b99d7ff http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h.orig.tar.gz Size/MD5 checksum: 16977154 9b3e15802b482cb12e79d2eb8cc4ea98 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3.diff.gz Size/MD5 checksum: 45790 aecd1047e2c775dddb1f0c452997686b alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 7030 1e0640617b2d1d7c134ce16b459dc6fb http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 4482 3bca20543bb595afaf6f0ebc96677ac1 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 749162 8eed672f93a157c73febe9c7dfe00721 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 1313336 6d34c5e3d4777b5a5b25c1664f507d20 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 13164 4725222d0582c115f74a288e3b7be295 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 5098 fbd83718fd1250d9ae4108a01486ba8c http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 42250 36c7161ebc7e4a4ade88e151940eaf7e http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 547146 4355b40cd7e611559be74d5daf9d342b http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 5360 70c37f4cc208060ae7344fd1660354f9 http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_alpha.deb Size/MD5 checksum: 5364540 2aa006058086f601d18aa7092027d3b8 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 6240 7befb38587bc66cc2664f5f4b9d6d856 http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 4940216 d39c277184ff2a04bac6dc74102b628b http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 37430 0185809ddaf0680ef1b6bc39eb68f289 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 11736 c0fab2bdad06343ae70ef3746148a04c http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 4808 527812d4ce1f0fc35d94866cf63629d5 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 4228 95638af8b9294baa29d9a0132c7c5aea http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 464632 5318169f7995056f4d8f3f838845dd7f http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 4584 5bde9f4290e94c6bea5fa360564eb398 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 4992 5e95335f96d367c5fe6db33379c98134 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 1098934 6490a07517c0c8ddd06d07c28fea4d3c http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_amd64.deb Size/MD5 checksum: 503602 f3283c7f83fa145e37451b1b387aa2b6 arm architecture (ARM) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 5684 2e6aa6dffc515a4afeebb4cd3a193aca http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 451878 bf1f672c4c4e572568cf7751c66f453d http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 4922 21ed8194248ed5e72339d66ea3792a57 http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 30820 aab5ab73c2d6142053fe0e5abe834fb1 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 6350 e2869ab1ec470e2a45cf48eec457f0ea http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 11042 bd8a2681f5c185894e17483344233893 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 1158368 88e369480b8fe8add632efdd10c7bed9 http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 437632 a0bf3dcdd2c821ed397cddf463a2534c http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 4971362 090dc8593e8a5bdbdb4c4e7eeacde7cc http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_arm.deb Size/MD5 checksum: 4278 30350bf207d74bec71d8c9db809d985a armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 5922 0ef769f9609e74497baf21c33ec9494a http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 5070720 686ab823b16ca984ee47a0695a923d70 http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 30056 a5f194058ca21fbff12d109f30ec8a47 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 452914 4bc5517c2e0441084dcec5046f170ae0 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 6706 8b8078b164876103b56c421f6662d131 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 7796 66988b70dad24695950ee0c247955cae http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 12964 fc86ec663a5b27375bdff09f9762cdbc http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 8122 ce00937f0c8fb058f4052d8689895eda http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 1021850 c56637de8ac14c088b836f812d74161c http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_armel.deb Size/MD5 checksum: 436870 1185e33bcf082309719b5df0c85cb4a7 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 541268 7e52c09f5b65f533c88b9621e5b072e1 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 7018 070740f2de6d7b4f6aee0c517b56b682 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 608482 e4c21fbcb51f5152e097105aed2f2c01 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 7932 734f21c7ad5181e67d5cf9ad7d931529 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 1294278 6ef4063de66524a9fe74c8562230330c http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 5454 57a1cf387ba2eb58744bef5a1852463d http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 42192 74c4f7ba543b3209030d7ec6bf7ca5c8 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 5880 83890b578b1e2f2ff551dfc56f687a80 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 13968 4e535f5d5f471b76f06462317bbeb946 http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_hppa.deb Size/MD5 checksum: 5410024 eecb0ab5dc9ad84444153fd24c63e058 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 4862 0391368ff9ad6f2578326b75954719c4 http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 37000 f32955f458f5972e2207033ae4d9e5c7 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 5164 e2ffe015b93cc9254786dec4d4899802 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 4398 7bd8887cd72dabecc8d0fbb56081a88b http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 11110 f82aa8b2e76f2f6c0b9e5d700c8b3aed http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 5260 89f63aca8a9bedba77eadc376a214537 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 4270 ed7191fc387f312c76d0190c82360972 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 1086096 b85b2f3532b266ea4cd9f10d9cf378a9 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 479830 c1315abfccc58a0296f94d230b488cc9 http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 462600 0ac807094d792fa08f8c57ee693029bb http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 4982484 d3c59c4dbb6121da5ad29bf2302d8c57 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_i386.deb Size/MD5 checksum: 6138 a40c8b47730da46db0f35951e47c7ad5 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 768354 e00a8927c8b939eb3c4ea80a4d47f84a http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 6177172 5af7398ad77420866fac5f583bb75171 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 17798 9b5b1c30becd2c11ccf71bfb2e6381d4 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 1485690 8c531912a51d54584bd0156d6f2e8ff1 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 879968 df20fffcf3db3547e1346abf8c63c0e5 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 5460 6b3f9411a239a8fc735f9c367d15a7dc http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 9342 4baee397c99f80c3a1a3f07c63862e13 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 6530 314ed70fb71338bc690aaecb2722e532 http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 49164 4cf965a6bb7899e22bbf29be5e3ab1a5 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_ia64.deb Size/MD5 checksum: 6234 ac5ee4b3bafc91d5303dea2c6c119882 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 6754 79c2f255cf9cdec5fa67531ecb978e6c http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 5912 11c384b0c05c467f79b25dd8a081de43 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 12004 d30bb915e6cbdd34c3391a15e15acd63 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 5354 cd3920ed733fa9de04e0169f09262af4 http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 498620 3443b0f95fd28ca2914abcdb4bb8c600 http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 5172616 2fc36f4a8ad7ad7fcb6abc602778c54d http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 32500 d96e42a270af6614f0d68c5891c829ec http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 1017456 4f32848bc28c4c4252bc3ec9197dbf09 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 4438 0ec174aba035daaaa4457334e805365b http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_mipsel.deb Size/MD5 checksum: 625374 d464c35b7e0f276cc5527ee9cf8c2a73 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 6352 3d3be7e8e288da781921fbef509b2946 http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 40356 bfa7ed89b5dd22812f85ab7d49e2e878 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 7460 2b3c0652a153d227e29d11ac204b9452 http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 5436812 039840ddd95bb6dcc1fbc41dfbfa3975 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 8858 4d02322e4ecbb07be816c5e773bce01a http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 7756 9b8a747d11797cb131316b15e125e504 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 577042 41655820f0840397ef3859433388715b http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 15316 f53174437c44cc1a1a36fe10473d678b http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 1152232 227675a8c08866f2422232398f24ac83 http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_powerpc.deb Size/MD5 checksum: 510766 70d5d4fc8c7e748ddff0c3fee613d7e4 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 11430 21be5a24962b0b6b3c004b64e26f2d5e http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 5077640 40ea5cda403ea5d2b435d8cd6047c938 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 6570 d29886063467f952d24c85b1dd5c5608 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 5984 7c89e70f6f971d07e6e555c107f5e1da http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 4396 f0b70c6833b30d171c5262dec5c282a4 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 517820 3e541ac71328e6b21fe48a2fba79b51e http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 1133476 c372e810f0f898349a3911cdfa1df549 http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 492794 1055c3326741e472dd9e938791cc6f9f http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 38666 2f278774a90bee082d041191fac35739 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_s390.deb Size/MD5 checksum: 5502 dbb587797e52e5d14334b1d496bccd00 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 33540 381f230f7b48a55975035534059e26f1 http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 1099470 00374604b1126ffc507189b591d10cca http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 5934 248d16eda12621b0b40416424aa09fbd http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 4768 c16aee4a4530c35e6c86f7e729aadb6e http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 10410 70ddca6ae178a0c17e61e38388bd3733 http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 482220 73c4554acdbdf7fd357802f6a7fa17d9 http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 438814 9197209c27e086cc5d26b1fa1ee08339 http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 4915278 24f3791bfbef97b0102853b9b1e32648 http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 4896 c96cddbc96bab48c57dc213707bbefbe http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_sparc.deb Size/MD5 checksum: 4018 4008065d59095a7de2d8063aeaa21603 ORIGINAL ADVISORY: DSA-2043-1: http://lists.debian.org/debian-security-announce/2010/msg00084.html OTHER REFERENCES: SA36037: http://secunia.com/advisories/36037/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 14:53:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 11 May 2010 23:53:44 +0200 Subject: [SEC] [SA39768] Advanced Poll "mysql_host" Cross-Site Scripting Vulnerability Message-ID: <201005112153.o4BLriKZ012219@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Advanced Poll "mysql_host" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39768 VERIFY ADVISORY: http://secunia.com/advisories/39768/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Advanced Poll, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "mysql_host" parameter in misc/get_admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.0.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_vulnerability_in_advanced_poll.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 15:07:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 00:07:49 +0200 Subject: [SEC] [SA39794] Debian update for mplayer Message-ID: <201005112207.o4BM7nPQ032498@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for mplayer SECUNIA ADVISORY ID: SA39794 VERIFY ADVISORY: http://secunia.com/advisories/39794/ DESCRIPTION: Debian has issued an update for mplayer. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA36041 SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 alias lenny -- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.dsc Size/MD5 checksum: 2108 9ca97232aaa217afe30aef9800fdde5b http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2.diff.gz Size/MD5 checksum: 360178 0cc960471e6ec0348456c014c774d941 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2.orig.tar.gz Size/MD5 checksum: 11727998 f1da15bc4accee0a5551928e31d7b779 Architecture independent packages: http://security.debian.org/pool/updates/main/m/mplayer/mplayer-doc_1.0~rc2-17+lenny3.2_all.deb Size/MD5 checksum: 2462986 7cc9feae37dfc8b1be944894a9891689 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_alpha.deb Size/MD5 checksum: 3236612 5481602134b6af1771014eb7421de776 http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_alpha.deb Size/MD5 checksum: 2233470 f033d746bfcd34cd209881b0331ef76f amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_amd64.deb Size/MD5 checksum: 3034790 7a9f3b0f603f127a59d9b0f1809b824f http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_amd64.deb Size/MD5 checksum: 2281646 44731cb89ba3b80811d38cebc1172a5c arm architecture (ARM) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_arm.deb Size/MD5 checksum: 2705438 76a8e88ec753cebda6fb72b6906b5a14 http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_arm.deb Size/MD5 checksum: 1977840 e6911242b55c4b5e906f433509491f99 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_hppa.deb Size/MD5 checksum: 2052866 ca07a7fa2a1d81132457b3a2ae2f8223 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_hppa.deb Size/MD5 checksum: 2896686 a47fda1190c2460980aef76ea297f0bd i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_i386.deb Size/MD5 checksum: 2370060 38e7272ca5582496be4a2f60f627f4b0 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_i386.deb Size/MD5 checksum: 3032114 fa1a9d2c47430dadc81bd41ab6620cd2 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_ia64.deb Size/MD5 checksum: 2056822 333d96f89bdf9d180c411501d952299e http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_ia64.deb Size/MD5 checksum: 3580016 ea7ae7ac0e7837cec6b1bc4be405eef0 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mips.deb Size/MD5 checksum: 2847092 9b8f943f84c5c60eea7d20ad0ebf0826 http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mips.deb Size/MD5 checksum: 2120824 00788d698af99aad978503ea23bdd8b3 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_mipsel.deb Size/MD5 checksum: 2064680 ff215968a214023be4dbb3875554c72b http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_mipsel.deb Size/MD5 checksum: 2840214 003e55d7e3c6b127a41b16ab99f09c43 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_powerpc.deb Size/MD5 checksum: 1991722 a94b911fecf6f37d14d5de2d1fe9a0ed http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_powerpc.deb Size/MD5 checksum: 2867096 b6e68c0ff32e3974b0c84726ce57e215 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_s390.deb Size/MD5 checksum: 2128050 b4075e1fb1350e32061cf5635b9b9556 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_s390.deb Size/MD5 checksum: 2779844 b14c2c35e7287400b7c92f83b957061d sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/m/mplayer/mplayer-dbg_1.0~rc2-17+lenny3.2_sparc.deb Size/MD5 checksum: 1898760 cbb824eafc9af867275f4abffbc89cd7 http://security.debian.org/pool/updates/main/m/mplayer/mplayer_1.0~rc2-17+lenny3.2_sparc.deb Size/MD5 checksum: 2688394 52c4508095e92e4e30b8a3d5da56b1fe ORIGINAL ADVISORY: DSA-2044-1: http://lists.debian.org/debian-security-announce/2010/msg00085.html OTHER REFERENCES: SA36041: http://secunia.com/advisories/36041/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 15:20:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 00:20:43 +0200 Subject: [SEC] [SA39771] SUSE update for Multiple Packages Message-ID: <201005112220.o4BMKhG5020323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA39771 VERIFY ADVISORY: http://secunia.com/advisories/39771/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities where some have an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service), by malicious users to conduct script insertion and SQL injection attacks and cause a DoS (Denial of Service), and by malicious people to conduct spoofing, cross-site scripting, and SQL injection attacks, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA30134 SA33848 SA35284 SA36138 SA36159 SA36425 SA37255 SA37291 SA37372 SA37495 SA38261 SA38774 SA38836 SA39129 SA39365 SA39568 SA39576 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:011: http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html OTHER REFERENCES: SA30134: http://secunia.com/advisories/30134/ SA33848: http://secunia.com/advisories/33848/ SA35284: http://secunia.com/advisories/35284/ SA36138: http://secunia.com/advisories/36138/ SA36159: http://secunia.com/advisories/36159/ SA36425: http://secunia.com/advisories/36425/ SA37255: http://secunia.com/advisories/37255/ SA37291: http://secunia.com/advisories/37291/ SA37372: http://secunia.com/advisories/37372/ SA37495: http://secunia.com/advisories/37495/ SA38261: http://secunia.com/advisories/38261/ SA38774: http://secunia.com/advisories/38774/ SA38836: http://secunia.com/advisories/38836/ SA39129: http://secunia.com/advisories/39129/ SA39365: http://secunia.com/advisories/39365/ SA39568: http://secunia.com/advisories/39568/ SA39576: http://secunia.com/advisories/39576/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 15:41:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 00:41:38 +0200 Subject: [SEC] [SA39783] Serendipity Xinha Configuration Variable Overwrite Vulnerabilities Message-ID: <201005112241.o4BMfcmT008493@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Serendipity Xinha Configuration Variable Overwrite Vulnerabilities SECUNIA ADVISORY ID: SA39783 VERIFY ADVISORY: http://secunia.com/advisories/39783/ DESCRIPTION: Stefan Esser has reported some vulnerabilities in Serendipity, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to the use of vulnerable Xinha code. For more information: SA39782 The vulnerabilities are reported in version 1.5.2. Prior versions may also be affected. SOLUTION: Update to version 1.5.3. PROVIDED AND/OR DISCOVERED BY: Stefan Esser ORIGINAL ADVISORY: Serendipity: http://blog.s9y.org/archives/217-Serendipity-1.5.3-released,-Security-Issue-with-Xinha.html Stefan Esser: http://php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html OTHER REFERENCES: SA39782: http://secunia.com/advisories/39782/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 15:53:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 00:53:37 +0200 Subject: [SEC] [SA39796] Fedora update for amsn Message-ID: <201005112253.o4BMrbTl028664@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for amsn SECUNIA ADVISORY ID: SA39796 VERIFY ADVISORY: http://secunia.com/advisories/39796/ DESCRIPTION: Fedora has issued an update for amsn. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA35621 SOLUTION: Apply updated packages via the yum utility ("yum update amsn"). ORIGINAL ADVISORY: FEDORA-2010-7373: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041046.html FEDORA-2010-7378: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041079.html OTHER REFERENCES: SA35621: http://secunia.com/advisories/35621/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 16:06:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 01:06:41 +0200 Subject: [SEC] [SA39797] Fedora update for irssi Message-ID: <201005112306.o4BN6fAM016495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for irssi SECUNIA ADVISORY ID: SA39797 VERIFY ADVISORY: http://secunia.com/advisories/39797/ DESCRIPTION: Fedora has issued an update for irssi. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and bypass certain security restrictions. For more information: SA39365 SOLUTION: Apply updated packages via the yum utility ("yum update irssi"). ORIGINAL ADVISORY: FEDORA-2010-6629: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041054.html OTHER REFERENCES: SA39365: http://secunia.com/advisories/39365/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue May 11 16:20:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 01:20:45 +0200 Subject: [SEC] [SA39723] Mereo Directory Traversal Vulnerability Message-ID: <201005112320.o4BNKjel004364@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Mereo Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA39723 VERIFY ADVISORY: http://secunia.com/advisories/39723/ DESCRIPTION: A vulnerability has been discovered in Mereo, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an input validation error when processing HTTP requests. This can be exploited to access files outside the web root folder via directory traversal attacks. The vulnerability is confirmed in version 1.9.1. Other versions may also be affected. SOLUTION: Use a proxy to filter malicious requests. PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://packetstormsecurity.org/1005-exploits/Mereo191-traversal.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 10:26:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 19:26:40 +0200 Subject: [SEC] [SA39786] HP Systems Insight Manager Unauthorised Data Access Vulnerability Message-ID: <201005121726.o4CHQeSN009360@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Systems Insight Manager Unauthorised Data Access Vulnerability SECUNIA ADVISORY ID: SA39786 VERIFY ADVISORY: http://secunia.com/advisories/39786/ DESCRIPTION: A vulnerability has been reported in HP Systems Insight Manager, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to gain access to certain data. The vulnerability is reported in HP Systems Insight Manager (SIM) for HP-UX, Linux, and Windows in versions v5.3, v5.3 with Update 1, and v6.0. SOLUTION: Apply Hotfix. https://www.hp.com/go/swa HP-UX: Hot Fix Update Kit for HP SIM 5.3 Hot Fix Update Kit for HP SIM 6.0 Linux: Hot Fix Update Kit for HP SIM 5.3 Hot Fix Update Kit for HP SIM 6.0 Windows: Hot Fix Update Kit for HP SIM 5.3 Hot Fix Update Kit for HP SIM 6.0 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02520 SSRT100071: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02085876 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 11:26:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 20:26:35 +0200 Subject: [SEC] [SA39753] GhostScript PostScript File Processing Vulnerabilities Message-ID: <201005121826.o4CIQZBU031683@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GhostScript PostScript File Processing Vulnerabilities SECUNIA ADVISORY ID: SA39753 VERIFY ADVISORY: http://secunia.com/advisories/39753/ DESCRIPTION: Dan Rosenberg has reported some vulnerabilities in GhostScript, which can potentially be exploited by malicious people to compromise a user's system. 1) An error in the processing of PostScript files can be exploited to cause a memory corruption via recursive function calls and may allow execution of arbitrary code via a specially crafted PostScript file. 2) An error in the handling of overly long identifiers can be exploited to cause a stack-based buffer overflow via a specially crafted PostScript file. Successful exploitation allows execution of arbitrary code. The vulnerabilities are reported in 8.70. Other versions may also be affected. SOLUTION: Do not process untrusted PostScript files. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: Dan Rosenberg: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0135.html https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009 http://bugs.ghostscript.com/show_bug.cgi?id=691295 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 12:26:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 21:26:32 +0200 Subject: [SEC] [SA39320] TomatoCMS Script Insertion and SQL Injection Vulnerabilities Message-ID: <201005121926.o4CJQWQ8021630@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: TomatoCMS Script Insertion and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA39320 VERIFY ADVISORY: http://secunia.com/advisories/39320/ DESCRIPTION: Some vulnerabilities have been discovered in TomatoCMS, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks. 1) Input passed via the "content" parameter to index.php/admin/poll/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Create new poll" permissions. 2) Input passed via the "meta" parameter to index.php/admin/category/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Create new category" permissions. 3) Input passed via the "keyword" parameter to index.php/admin/tag/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Create new tag" permissions. 4) Input passed via the "q" parameter to index.php/news/search is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 5) Input passed via the "title", "subTitle", and "author" parameters to index.php/admin/news/article/add is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "Add new article" permissions. The vulnerabilities are confirmed in version 2.0.4. Prior versions may also be affected. SOLUTION: Update to version 2.0.5. PROVIDED AND/OR DISCOVERED BY: 1 - 3) Reported by Russ McRee, HolisticInfoSec via Secunia 4, 5) Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-56/ http://secunia.com/secunia_research/2010-59/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 13:26:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 22:26:37 +0200 Subject: [SEC] [SA39036] IrfanView PSD Image Parsing Two Vulnerabilities Message-ID: <201005122026.o4CKQbLA011577@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IrfanView PSD Image Parsing Two Vulnerabilities SECUNIA ADVISORY ID: SA39036 VERIFY ADVISORY: http://secunia.com/advisories/39036/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in IrfanView, which can be exploited by malicious people to compromise a user's system. 1) A sign-extension error when parsing certain PSD images can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. 2) A boundary error when processing certain RLE compressed PSD images can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted PSD file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 4.25. Other versions may also be affected. SOLUTION: Update to version 4.27. PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-41 http://secunia.com/secunia_research/2010-42 IrfanView: http://irfanview.com/main_history.htm ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 14:20:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 23:20:43 +0200 Subject: [SEC] [SA39707] Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability Message-ID: <201005122120.o4CLKhnD001205@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla Camp26 VisitorData Module Shell Command Injection Vulnerability SECUNIA ADVISORY ID: SA39707 VERIFY ADVISORY: http://secunia.com/advisories/39707/ DESCRIPTION: A vulnerability has been discovered in the Camp26 VisitorData module for Joomla, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "X-Forwarded-For" HTTP header is not properly sanitised before being used as a command line argument in tmpl/default.php. This can be exploited to inject arbitrary shell commands The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Chip D3 Bi0s ORIGINAL ADVISORY: http://elotrolad0.blogspot.com/2010/05/modvisitordata-joomla-remoce-code.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 14:42:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 23:42:01 +0200 Subject: [SEC] [SA39767] POE::Component::IRC Message Splitting Security Issue Message-ID: <201005122142.o4CLg1U4021949@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: POE::Component::IRC Message Splitting Security Issue SECUNIA ADVISORY ID: SA39767 VERIFY ADVISORY: http://secunia.com/advisories/39767/ DESCRIPTION: A security issue has been reported in POE::Component::IRC, which potentially can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the component not properly filtering the carriage return character ("\r") in messages before sending them to the IRC server, which can be exploited to e.g. inject IRC commands. The vulnerability is reported in versions prior to 6.32. SOLUTION: Update to version 6.32. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://cpansearch.perl.org/src/HINRIK/POE-Component-IRC-6.32/Changes OTHER REFERENCES: Debian Bug #581194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 14:54:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 12 May 2010 23:54:18 +0200 Subject: [SEC] [SA39773] Saurus CMS "pealkiri" Script Insertion Vulnerability Message-ID: <201005122154.o4CLsILf009743@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Saurus CMS "pealkiri" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39773 VERIFY ADVISORY: http://secunia.com/advisories/39773/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Saurus CMS, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "pealkiri" parameter to admin/edit.php while editing articles is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that the attacker has "Article list" edit permissions. The vulnerability is confirmed in version 4.7.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/xss_in_saurus_cms.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 15:07:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 00:07:35 +0200 Subject: [SEC] [SA39770] Avaya Products Pango Denial of Service Vulnerability Message-ID: <201005122207.o4CM7ZZd029969@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Avaya Products Pango Denial of Service Vulnerability SECUNIA ADVISORY ID: SA39770 VERIFY ADVISORY: http://secunia.com/advisories/39770/ DESCRIPTION: Avaya has acknowledged a vulnerability in some Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA38946 SOLUTION: The vendor recommends that local and network access to the affected systems be restricted until an update is available. ORIGINAL ADVISORY: ASA-2010-137: https://support.avaya.com/css/P8/documents/100082175 OTHER REFERENCES: SA38946: http://secunia.com/advisories/38946/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 15:21:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 00:21:14 +0200 Subject: [SEC] [SA39792] MySQL Multiple Vulnerabilities Message-ID: <201005122221.o4CMLEfH017820@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: MySQL Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39792 VERIFY ADVISORY: http://secunia.com/advisories/39792/ DESCRIPTION: Some vulnerabilities have been reported in MySQL, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service). 1) An error exists when processing the table name argument of a COM_FIELD_LIST command packet. This can be exploited to bypass privilege checks and e.g. read or delete content from a database table on the system by passing a specially crafted table name argument to COM_FIELD_LIST. 2) An unspecified error in the processing of packets can be exploited to cause a locked server state if a packet larger than the maximum size of one packet is received. 3) A boundary error when processing COM_FIELD_LIST command packets can be exploited to cause buffer overflow by passing an overly long table name argument to COM_FIELD_LIST. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 5.1.47. SOLUTION: The vulnerabilities will be fixed in version 5.1.47. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MySQL: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-47.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 15:42:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 00:42:05 +0200 Subject: [SEC] [SA39776] Cisco IronPort Desktop Flag Plug-in for Outlook Email Encryption Security Issue Message-ID: <201005122242.o4CMg53G005997@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Cisco IronPort Desktop Flag Plug-in for Outlook Email Encryption Security Issue SECUNIA ADVISORY ID: SA39776 VERIFY ADVISORY: http://secunia.com/advisories/39776/ DESCRIPTION: A security issue has been reported in the Cisco IronPort Desktop Flag Plug-in for Outlook, which can lead to the exposure of sensitive information. An error exists when composing multiple email messages simultaneously. If the first mail is sent using the "Send Secure" button, the error can lead to the remaining emails not being sent encrypted when using the "Send Secure" button. The security issue is reported in versions 6.2.4.3 up to but not including 6.5.0-006. SOLUTION: Compose only one email at a time when sending mail using the "Send Secure" button. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco (cisco-sr-20100511-ironport): http://www.cisco.com/en/US/products/products_security_response09186a0080b2c505.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 15:54:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 00:54:48 +0200 Subject: [SEC] [SA39760] Family Connections Multiple Vulnerabilities Message-ID: <201005122254.o4CMsm1Q026202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Family Connections Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39760 VERIFY ADVISORY: http://secunia.com/advisories/39760/ DESCRIPTION: Salvatore Fresta has discovered multiple vulnerabilities in Family Connections, which can be exploited by malicious users to bypass certain security restrictions and conduct SQL injection attacks. 1) Input passed via the "name" and "email" parameters to contact.php is not properly sanitised before being used to construct an email message. This can be exploited to inject arbitrary email headers by inserting newline characters in the parameters. 2) Input passed via the "id" parameter to recipes.php (when "delrecipe" and "confirmed" are set to any value), "category" parameter to gallery/upload.php, "aid" and "uid" parameters to addressbook.php (when "editsubmit" is set to any value), "id" parameter to calendar.php (when "edit" or "delconfirm" is set to any value), and "id" parameter to familynews.php (when "submitedit" or "delconfirm" is set to any value) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 2.2.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://www.salvatorefresta.net/?opt=newsid&id=21 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 16:06:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 01:06:39 +0200 Subject: [SEC] [SA39730] Torque Game Engine Denial of Service Vulnerabilities Message-ID: <201005122306.o4CN6dSd013974@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Torque Game Engine Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA39730 VERIFY ADVISORY: http://secunia.com/advisories/39730/ DESCRIPTION: Some vulnerabilities have been reported in Torque Game Engine, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A vulnerability is caused due to an error in the processing of connection requests, which can be exploited to cause a crash of an application using the engine. Successful exploitation requires that an attacker is able to join the server. 2) Various errors in the processing of network packets can be exploited to cause a crash, but may only affect certain games using the engine. SOLUTION: Host games only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/torqueer-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 16:20:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 01:20:57 +0200 Subject: [SEC] [SA39735] Debian update for libtheora Message-ID: <201005122320.o4CNKvW4001796@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for libtheora SECUNIA ADVISORY ID: SA39735 VERIFY ADVISORY: http://secunia.com/advisories/39735/ DESCRIPTION: Debian has issued an update for libtheora. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA37699 SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/libt/libtheora/libtheora_1.0~beta3-1+lenny1.diff.gz Size/MD5 checksum: 9211 4adde5563c493eb45e1db52ceda77873 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora_1.0~beta3.orig.tar.gz Size/MD5 checksum: 1891923 8bdc4b8586b78ddd19afd7eec90dbaf0 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora_1.0~beta3-1+lenny1.dsc Size/MD5 checksum: 1419 0495edbda8fc19ba77366666b52b3f96 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_alpha.deb Size/MD5 checksum: 403190 629276252bf18d631224d55be765e6c8 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_alpha.deb Size/MD5 checksum: 421266 bccc2e6181230946a28e3246c387017d http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_alpha.deb Size/MD5 checksum: 50136 413811f42c67ed9e1ea13e3ea0956320 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_amd64.deb Size/MD5 checksum: 362178 b4561c12c916ea3f35c6503ec038c149 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_amd64.deb Size/MD5 checksum: 289846 db3d1d0591544d5e706ec3a52864a6a8 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_amd64.deb Size/MD5 checksum: 44034 d36e328b3ebd575a3050c50485a89309 arm architecture (ARM) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_arm.deb Size/MD5 checksum: 360750 f6b0fb09ea0623205fc28f5de75bd353 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_arm.deb Size/MD5 checksum: 44394 f7f8733b8ff1b70f70342997c2977fc6 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_arm.deb Size/MD5 checksum: 296862 58999f750e8f8b27505fc05ae8d44cfd armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_armel.deb Size/MD5 checksum: 360340 ba1692b1e4846130f8f829b3d35a84ad http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_armel.deb Size/MD5 checksum: 293820 8b28eedfba4772c199c818afcbd6d37a http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_armel.deb Size/MD5 checksum: 50362 749321e42cb3c9f07331372f7631c50e hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_hppa.deb Size/MD5 checksum: 344588 0cad5cb5d1bb329f796e35a1ecb9a8d1 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_hppa.deb Size/MD5 checksum: 378716 897254b9195f164aa4ee8d1eb7d3a53f http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_hppa.deb Size/MD5 checksum: 49482 ebb455b75ba4aa01dc320fcb17f1c9ad i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_i386.deb Size/MD5 checksum: 335386 05fe606ecc411f6b3fe37423d74c8623 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_i386.deb Size/MD5 checksum: 41506 8911aa359d16fc2a2680995100e85a7d http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_i386.deb Size/MD5 checksum: 275724 2559a2649e90a42a727ea69d4198370f ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_ia64.deb Size/MD5 checksum: 538602 c197380aca5abef9da5a643ea73b3b1e http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_ia64.deb Size/MD5 checksum: 65004 60f01930234153b1e1fdd5be3042d50c http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_ia64.deb Size/MD5 checksum: 478596 c93589ae67d483b4a7402142f9e68e74 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_mips.deb Size/MD5 checksum: 345788 9107086573ff1ccb433a70fc69174cb8 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_mips.deb Size/MD5 checksum: 49674 0badca1bacc739b84fcbdb482b54fb28 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_mips.deb Size/MD5 checksum: 392358 df278772e719aa802f6b6659d14cae03 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_powerpc.deb Size/MD5 checksum: 329800 4525279b78a4112dc72b35be1b0246c5 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_powerpc.deb Size/MD5 checksum: 58448 1e5e67e6a78ac90c46d6efd12c09aa49 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_powerpc.deb Size/MD5 checksum: 372872 c937a425cd74a00d3a4560b231ad0162 s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_s390.deb Size/MD5 checksum: 47504 9c8033b3f24e93085cb21451c67d7db0 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_s390.deb Size/MD5 checksum: 306190 f8973e2551f272b54fa135a05cc68da2 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_s390.deb Size/MD5 checksum: 348142 ecccb547f646e9fb284917b00f8b04db sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-bin_1.0~beta3-1+lenny1_sparc.deb Size/MD5 checksum: 43880 3caff6efac20f4bbc832ad35ef05c788 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora-dev_1.0~beta3-1+lenny1_sparc.deb Size/MD5 checksum: 344678 70334aeaa751f5f08dedc1e87804fed8 http://security.debian.org/pool/updates/main/libt/libtheora/libtheora0_1.0~beta3-1+lenny1_sparc.deb Size/MD5 checksum: 270610 df122fae100726a66dee59845b8ce32d ORIGINAL ADVISORY: DSA-2045-1: http://lists.debian.org/debian-security-announce/2010/msg00086.html OTHER REFERENCES: SA37699: http://secunia.com/advisories/37699/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 16:41:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 01:41:37 +0200 Subject: [SEC] [SA39757] HP OpenView Network Node Manager Multiple Vulnerabilities Message-ID: <201005122341.o4CNfbF9022423@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39757 VERIFY ADVISORY: http://secunia.com/advisories/39757/ DESCRIPTION: Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. 1) A format string error exists within ovet_demandpoll.exe when copying strings from an HTTP request using the "vnsprintf()" function. This can be exploited to execute arbitrary code via a specially crafted string passed via the "sel" parameter. 2) A boundary error exists within the "_OVParseLLA()" function in ov.dll when copying strings from an HTTP request using the "strcpy()" function. This can be exploited to cause a stack-based buffer overflow by passing an overly long string to the "sel" parameter. 3) A boundary error exists within the doLoad() function in snmpviewer.exe when copying strings from an HTTP request using the "sprintf()" function with a "%s" format specifier. This can be exploited to cause a stack-based buffer overflow by passing an overly long string to the "act" and "app" parameters. 4) A boundary error exists within getnnmdata.exe when copying strings from an HTTP request using the "sprintf()" function. This can be exploited to caused a stack-based buffer overflow by passing an overly long string to the "MaxAge" parameter. 5) A boundary error exists within getnnmdata.exe when copying strings from an HTTP request using the "sprintf()" function. This can be exploited to caused a stack-based buffer overflow by passing an overly long string to the "iCount" parameter. 6) A boundary error exists within getnnmdata.exe when copying strings from an HTTP request using the "sprintf()" function. This can be exploited to caused a stack-based buffer overflow by passing an overly long string to the "Hostname" parameter. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions 7.01, 7.51, and 7.53 running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply patches. http://support.openview.hp.com/selfsolve/patches -- HP OpenView Network Node Manager 7.53 -- HP-UX (IA): Apply patch PHSS_40708 or subsequent HP-UX (PA): Apply patch PHSS_40707 or subsequent Linux RedHatAS2.1: Apply patch LXOV_00103 or subsequent Linux RedHat4AS-x86_64: Apply patch LXOV_00104 or subsequent Solaris: Apply patch PSOV_03527 or subsequent Windows: Apply patch NNM_01203 or subsequent -- HP OpenView Network Node Manager 7.51 -- Upgrade to version 7.53 and apply patches. Patch bundles for upgrading from NNM v7.51 to NNM v5.53 are available using ftp: ftp://nnm_753:Update53 at ftp.usa.hp.com/ -- HP OpenView Network Node Manager 7.01 (IA) -- Upgrade to version 7.53 and apply patches. -- HP OpenView Network Node Manager 7.01 (PA) -- HP-UX (PA): Apply patch PHSS_40705 or subsequent Solaris: Apply patch PSOV_03526 or subsequent Windows: Apply patch NNM_01202 or subsequent PROVIDED AND/OR DISCOVERED BY: An anonymous person, reported via ZDI. ORIGINAL ADVISORY: HPSBMA02527 SSRT010098: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02153379 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-081 http://www.zerodayinitiative.com/advisories/ZDI-10-082 http://www.zerodayinitiative.com/advisories/ZDI-10-083 http://www.zerodayinitiative.com/advisories/ZDI-10-084 http://www.zerodayinitiative.com/advisories/ZDI-10-085 http://www.zerodayinitiative.com/advisories/ZDI-10-086 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 16:53:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 01:53:39 +0200 Subject: [SEC] [SA39741] Movable Type Cross-Site Scripting Vulnerabilities Message-ID: <201005122353.o4CNrdUU010198@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Movable Type Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA39741 VERIFY ADVISORY: http://secunia.com/advisories/39741/ DESCRIPTION: Some vulnerabilities have been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to the administrative interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in Movable Type Open Source 5.0 and 5.01 and Movable Type 5.0 and 5.01 (with Professional and Community Packs). SOLUTION: Update to version 5.02. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.movabletype.org/documentation/appendices/release-notes/movable-type-502.html OTHER REFERENCES: JVN#92854093: http://jvn.jp/en/jp/JVN92854093/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 17:06:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 02:06:37 +0200 Subject: [SEC] [SA39790] Adobe ColdFusion Cross-Site Scripting and Information Disclosure Message-ID: <201005130006.o4D06bAv030421@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe ColdFusion Cross-Site Scripting and Information Disclosure SECUNIA ADVISORY ID: SA39790 VERIFY ADVISORY: http://secunia.com/advisories/39790/ DESCRIPTION: Some vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised by a ColdFusion method before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input passed to the ColdFusion Administrator page is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An unspecified error can be exploited to disclose certain data. The vulnerabilities are reported in versions 8.0, 8.0.1, 9.0, and prior. SOLUTION: Apply vendor patches. http://kb2.adobe.com/cps/841/cpsid_84102.html PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Eric Stevens of Sanofi Pasteur, Inc. 2) The vendor credits Pete Freitag of Foundeo, Inc. 3) Reported by the vendor. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-11.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 17:20:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 02:20:51 +0200 Subject: [SEC] [SA38751] Adobe Shockwave Player Multiple Vulnerabilities Message-ID: <201005130020.o4D0Kpex018299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe Shockwave Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38751 VERIFY ADVISORY: http://secunia.com/advisories/38751/ DESCRIPTION: Some vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) A boundary error while processing FFFFFF45h Shockwave 3D blocks can be exploited to corrupt memory. 2) A signedness error in the processing of Director files can be exploited to corrupt memory. 3) An array indexing error when processing Director files can be exploited to corrupt memory. 4) An integer overflow error when processing Director files can be exploited to corrupt memory. 5) An error when processing asset entries contained in Director files can be exploited to corrupt memory. 6) A boundary error when processing embedded fonts can be exploited to cause a heap-based buffer overflow via a specially crafted Director file. 7) An error when processing Director files can be exploited to overwrite 4 bytes of memory. 8) An error in the implementation of ordinal function 1409 in iml32.dll can be exploited to corrupt heap memory via a specially crafted Director file. 9) An error when processing a 4-byte field inside FFFFFF49h Shockwave 3D blocks can be exploited to corrupt heap memory. 10) An unspecified error can be exploited to corrupt memory. 11) A second unspecified error can be exploited to corrupt memory. 12) A third unspecified error can be exploited to corrupt memory. 13) A fourth unspecified error can be exploited to cause a buffer overflow. 14) A fifth unspecified error can be exploited to corrupt memory. 15) A sixth unspecified error can be exploited to corrupt memory. 16) A seventh unspecified error can be exploited to corrupt memory. 17) An error when processing signed values encountered while parsing "pami" RIFF chunks can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions 11.5.6.606 and prior on Windows and Macintosh. SOLUTION: Update to version 11.5.7.609. http://get.adobe.com/shockwave/ PROVIDED AND/OR DISCOVERED BY: 1-6) Alin Rad Pop, Secunia Research The vendor also credits: 2) Nahuel Riva of Core Security Technologies. 3) Chaouki Bekrar of Vupen, Code Audit Labs, and an anonymous person working with iDefense. 7) Chaouki Bekrar and Sebastien Renaud of Vupen, Code Audit Labs, Gjoko Krstic of Zero Science Lab, and Chro HD of Fortinet's FortiGuard Labs. 8, 17) an anonymous person working with ZDI. 9) Chaouki Bekrar of Vupen and an anonymous person working with ZDI. 10) Chaouki Bekrar of Vupen. 11-16) Chro HD of Fortinet's FortiGuard Labs. CHANGELOG: 2010-05-12: Updated "Extended Description" and added PoCs for vulnerabilities #2, #3, #4, and #6. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb10-12.html Secunia Research: http://secunia.com/secunia_research/2010-17/ http://secunia.com/secunia_research/2010-19/ http://secunia.com/secunia_research/2010-20/ http://secunia.com/secunia_research/2010-22/ http://secunia.com/secunia_research/2010-34/ http://secunia.com/secunia_research/2010-50/ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-087/ http://www.zerodayinitiative.com/advisories/ZDI-10-088/ http://www.zerodayinitiative.com/advisories/ZDI-10-089/ iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=869 Code Audit Labs: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0137.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0138.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0139.html Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4937.php Core Security Technologies: http://www.coresecurity.com/content/adobe-director-invalid-read ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 17:41:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 02:41:38 +0200 Subject: [SEC] [SA39779] BlogEngine.NET Cumulus Widget "tagcloud" Cross-Site Scripting Vulnerability Message-ID: <201005130041.o4D0fcCw006458@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: BlogEngine.NET Cumulus Widget "tagcloud" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA39779 VERIFY ADVISORY: http://secunia.com/advisories/39779/ DESCRIPTION: MustLive has reported a vulnerability in the Cumulus widget for BlogEngine.NET, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tagcloud" parameter to widgets/cumulus/tagcloud.swf (when "mode" is set to "tags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/4184/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed May 12 17:53:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 02:53:49 +0200 Subject: [SEC] [SA39756] Fedora update for couchdb Message-ID: <201005130053.o4D0rnXU026653@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for couchdb SECUNIA ADVISORY ID: SA39756 VERIFY ADVISORY: http://secunia.com/advisories/39756/ DESCRIPTION: Fedora has issued an update for couchdb. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information. For more information: SA39146 SOLUTION: Apply updated packages via the yum utility ("yum update couchdb"). ORIGINAL ADVISORY: FEDORA-2010-8275: https://admin.fedoraproject.org/updates/couchdb-0.10.2-1.fc11 FEDORA-2010-8298: https://admin.fedoraproject.org/updates/couchdb-0.10.2-1.fc12 OTHER REFERENCES: SA39146: http://secunia.com/advisories/39146/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 10:26:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 19:26:48 +0200 Subject: [SEC] [SA39808] MigasCMS Xinha Configuration Variable Overwrite Vulnerabilities Message-ID: <201005131726.o4DHQmIA027287@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: MigasCMS Xinha Configuration Variable Overwrite Vulnerabilities SECUNIA ADVISORY ID: SA39808 VERIFY ADVISORY: http://secunia.com/advisories/39808/ DESCRIPTION: Some vulnerabilities have been discovered in MigasCMS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to the use of vulnerable Xinha code. For more information: SA39782 The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Restrict access to the xinha directories (e.g. via an .htaccess file). PROVIDED AND/OR DISCOVERED BY: Discovered in Xinha by Stefan Esser, reported in MigasCMS by eidelweiss. OTHER REFERENCES: SA39782: http://secunia.com/advisories/39782/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 11:26:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 20:26:40 +0200 Subject: [SEC] [SA39795] OrangeHRM Multiple Vulnerabilities Message-ID: <201005131826.o4DIQeko017233@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: OrangeHRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39795 VERIFY ADVISORY: http://secunia.com/advisories/39795/ DESCRIPTION: Some vulnerabilities have been discovered in OrangeHRM, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting, cross-site request forgery, and script insertion attacks. 1) Input passed to the ESS (Employee Self-Service) e.g. via the "txtEmpLastName", "txtEmpFirstName", "txtEmpMiddleName", and "txtEmpNickName" parameters to lib/controllers/CentralController.php (when "reqcode" is set to "ESS", "capturemode" is set to "updatemode", and "id" is set) is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. 2) Input passed e.g. via the "txtFirstName" and "txtLastName" parameters to jobs.php (when "recruitcode" is set to "ApplicantApply") is not properly sanitised in lib/controllers/PublicController.php before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed e.g. via the "year" parameter to lib/controllers/CentralController.php (when "benifitcode" is set to "Benefits" and "action" is set to "List_Benifits_Schedule") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 4) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change email notification configurations by tricking an administrative user into visiting a malicious web site. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 5) Input passed e.g. via the "loc_name" parameter to lib/controllers/CentralController.php (when "reqcode" is set to "EMP" and "VIEW" is set to "MAIN") is not properly sanitised before being displayed to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.5.0.4. Other versions may also be affected. NOTE: Other scripts and parameters may also be affected. A security issue related to authorization bypass in the Timesheet, Attendance, HSP, Recruitment, and Leave modules was also reported. SOLUTION: Filter malicious characters and character sequences in a proxy. Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: 1 -4) Tam?s Czig?ny and Laszlo Klock, SecurityAngel 5) An anonymous person Additional information provided by Secunia Research. ORIGINAL ADVISORY: Tam?s Czig?ny and Laszlo Klock, SecurityAngel: http://archives.neohapsis.com/archives/bugtraq/2010-05/0056.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 12:26:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 21:26:53 +0200 Subject: [SEC] [SA39529] aria2 metalink "name" Directory Traversal Vulnerability Message-ID: <201005131926.o4DJQr5l007183@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: aria2 metalink "name" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA39529 VERIFY ADVISORY: http://secunia.com/advisories/39529/ DESCRIPTION: Secunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in version 1.9.1 build2. Other versions may also be affected. SOLUTION: Update to version 1.9.3. PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-71/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 13:26:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 22:26:41 +0200 Subject: [SEC] [SA39447] Free Download Manager Multiple Vulnerabilities Message-ID: <201005132026.o4DKQfqs029513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Free Download Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39447 VERIFY ADVISORY: http://secunia.com/advisories/39447/ DESCRIPTION: Secunia Research has discovered some vulnerabilities in Free Download Manager, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when opening folders within the "Site Explorer" functionality can be exploited to cause a stack-based buffer overflow. 2) A boundary error when e.g. opening websites in the "Site Explorer" functionality can be exploited to cause a stack-based buffer overflow. 3) A boundary error when setting the directory on FTP servers can be exploited to cause a stack-based buffer overflow. 4) A boundary error when handling redirects can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities allows execution of arbitrary code. 5) The application does not properly sanitise the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerabilities are confirmed in version 3.0 build 850. Other versions may also be affected. SOLUTION: Update to version 3.0 build 852. PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-67/ http://secunia.com/secunia_research/2010-68/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 14:20:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 23:20:40 +0200 Subject: [SEC] [SA39528] KDE KGet Insecure File Operation and Directory Traversal Message-ID: <201005132120.o4DLKeZ8019194@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: KDE KGet Insecure File Operation and Directory Traversal SECUNIA ADVISORY ID: SA39528 VERIFY ADVISORY: http://secunia.com/advisories/39528/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in KDE, which can be exploited by malicious people to bypass certain security features and to compromise a user's system. 1) KGet does not properly sanitise the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. 2) When KGet displays a dialog box that allows a user to choose the file to download out of the options offered by a metalink file, KGet simply goes ahead and starts downloading the file without the user's acknowledgment, overwriting existing files of the same name. NOTE: These vulnerabilities can be exploited in combination to write or overwrite an arbitrary file in an arbitrary location on the users filesystem. The vulnerabilities are confirmed in KGet version 2.4.2 as included by KDE 4.4.2. Other versions may also be affected. SOLUTION: Apply the patches. KDE 4.3: Apply r1126227 svn://anonsvn.kde.org/home/kde/branches/KDE/4.3/kdenetwork KDE 4.4: Apply r1124974 svn://anonsvn.kde.org/home/kde/branches/KDE/4.4/kdenetwork PROVIDED AND/OR DISCOVERED BY: Stefan Cornelius, Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-69/ http://secunia.com/secunia_research/2010-70/ KDE: http://kde.org/info/security/advisory-20100513-1.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 14:42:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 23:42:02 +0200 Subject: [SEC] [SA39732] Drupal Storm Module Multiple Script Insertion Vulnerabilities Message-ID: <201005132142.o4DLg2iv007494@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Storm Module Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA39732 VERIFY ADVISORY: http://secunia.com/advisories/39732/ DESCRIPTION: Black Packeteer has discovered some vulnerabilities in the Storm module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "fullname", "address", "city", "provstate", "phone", and "taxid" parameters to index.php (when "q" is set to "node/add/stormorganization"), the "name", "fullname", "phone", and "im" parameters to index.php (when "q" is set to "node/add/stormperson"), the "stepno" and "title" parameters to index.php (when "q" is set to "node/add/stormtask"), and the "title" parameter to index.php (when "q" is set to "node/add/stormticket") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires permissions to administer the "stormorganization", "stormperson", "stormproject", "stormtask", or "stormticket" modules. The vulnerabilities are confirmed in version 6.x-1.32. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Black Packeteer ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0160.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 14:54:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 13 May 2010 23:54:04 +0200 Subject: [SEC] [SA39748] Invision Power Board Script Insertion Vulnerability Message-ID: <201005132154.o4DLs4tj027667@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Invision Power Board Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39748 VERIFY ADVISORY: http://secunia.com/advisories/39748/ DESCRIPTION: A vulnerability has been reported in Invision Power Board (IP.Board), which can be exploited by malicious people to conduct script insertion attacks. Unspecified input passed via BBCodes is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in version 2.3.6 and 3.0.5. Other versions may also be affected. SOLUTION: Apply the patch. Invision Power Board 2.3.6: Apply 236xss_march10.zip http://community.invisionpower.com/index.php?app=core&module=attach§ion=attach&attach_id=22384 IP.Board 3.0.5: Apply 305-march-10.zip http://community.invisionpower.com/index.php?app=core&module=attach§ion=attach&attach_id=22557 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://community.invisionpower.com/topic/306221-ipboard-236-and-305-security-update/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 15:07:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 00:07:50 +0200 Subject: [SEC] [SA39754] Invision Power Board Image Disclosure Vulnerability Message-ID: <201005132207.o4DM7oAp015524@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Invision Power Board Image Disclosure Vulnerability SECUNIA ADVISORY ID: SA39754 VERIFY ADVISORY: http://secunia.com/advisories/39754/ DESCRIPTION: A vulnerability has been reported in Invision Power Board (IP.Board), which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error, which can be exploited to view images in an arbitrary directory on the server. The vulnerability is reported in version 3.0.5. Other versions may also be affected. SOLUTION: Apply the patch. 3.0.5_3.31.2010.zip http://community.invisionpower.com/index.php?app=core&module=attach§ion=attach&attach_id=22870 PROVIDED AND/OR DISCOVERED BY: The vendor credits Cryptovirus. ORIGINAL ADVISORY: http://community.invisionpower.com/topic/308032-ipboard-305-security-update/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 15:21:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 00:21:00 +0200 Subject: [SEC] [SA39788] Majesty GEM Engine Multiple Vulnerabilities Message-ID: <201005132221.o4DML0d8003344@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Majesty GEM Engine Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39788 VERIFY ADVISORY: http://secunia.com/advisories/39788/ DESCRIPTION: Luigi Auriemma has reported multiple vulnerabilities in Majesty, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerabilities are caused due to the usage of a vulnerable GEM Engine version. For more information: SA36273 The vulnerabilities are reported in version 2. Other versions may also be affected. SOLUTION: Host games only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/gem3bugs-adv.txt OTHER REFERENCES: SA36273: http://secunia.com/advisories/36273/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 15:42:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 00:42:08 +0200 Subject: [SEC] [SA39793] GameCore Engine GameID Field Parsing Integer Overflow Vulnerability Message-ID: <201005132242.o4DMg8vm023943@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GameCore Engine GameID Field Parsing Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA39793 VERIFY ADVISORY: http://secunia.com/advisories/39793/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in GameCore Engine, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an integer overflow error when processing the GameID field and can be exploited to corrupt memory and crash the game via a specially crafted UDP packet. The vulnerability is reported in version 2.5. Other versions may also be affected. SOLUTION: Host games only in a trusted network environment. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/gamecorex-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 15:54:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 00:54:54 +0200 Subject: [SEC] [SA39804] Drupal Services Module Session ID Authentication Security Bypass Message-ID: <201005132254.o4DMss43011748@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Services Module Session ID Authentication Security Bypass SECUNIA ADVISORY ID: SA39804 VERIFY ADVISORY: http://secunia.com/advisories/39804/ DESCRIPTION: A security issue has been reported in the Services module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to an error in the handling of access permissions when using session ID authentication without API key authentication. This can be exploited to access otherwise restricted functionality via a service which uses the default access callback. The security issue is reported in versions prior to 6.x-2.1. SOLUTION: Update to version 6.x-2.1. http://drupal.org/node/797264 PROVIDED AND/OR DISCOVERED BY: The vendor credits Edsko de Vries. ORIGINAL ADVISORY: SA-CONTRIB-2010-047: http://drupal.org/node/797268 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 16:06:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 01:06:32 +0200 Subject: [SEC] [SA39712] HP Insight Control Server Migration for Windows Cross-Site Scripting Message-ID: <201005132306.o4DN6WKq031908@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Insight Control Server Migration for Windows Cross-Site Scripting SECUNIA ADVISORY ID: SA39712 VERIFY ADVISORY: http://secunia.com/advisories/39712/ DESCRIPTION: Some vulnerabilities have been reported in HP Insight Control, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to server migration for Windows is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 6.0. SOLUTION: Upgrade to version 6.0 or later. http://h18000.www1.hp.com/products/servers/management/fpdownload.html ORIGINAL ADVISORY: HPSBMA02522 SSRT100086: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02114879 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 16:21:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 01:21:42 +0200 Subject: [SEC] [SA39811] Drupal Wordfilter Module Script Insertion Vulnerability Message-ID: <201005132321.o4DNLgai019835@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Wordfilter Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39811 VERIFY ADVISORY: http://secunia.com/advisories/39811/ DESCRIPTION: A vulnerability has been reported in the Wordfilter module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the list of banned words and their replacements is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer words filtered" permissions. The vulnerability is reported in versions prior to 6.x-1.1 and 5.x-1.1. SOLUTION: Update to the latest version. Wordfilter module 6.x: Update to version 6.x-1.1. http://drupal.org/node/796618 Wordfilter module 5.x: Update to version 5.x-1.1. http://drupal.org/node/796620 PROVIDED AND/OR DISCOVERED BY: The vendor credits mr.baileys of the Drupal Security Team ORIGINAL ADVISORY: SA-CONTRIB-2010-043: http://drupal.org/node/797208 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 16:42:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 01:42:32 +0200 Subject: [SEC] [SA39812] Drupal LoginToboggan Session Fixation Vulnerability Message-ID: <201005132342.o4DNgWDM008003@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal LoginToboggan Session Fixation Vulnerability SECUNIA ADVISORY ID: SA39812 VERIFY ADVISORY: http://secunia.com/advisories/39812/ DESCRIPTION: A vulnerability has been reported in the LoginToboggan module for Drupal, which can be exploited by malicious people to conduct session fixation attacks. The vulnerability is caused due to an error in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. The vulnerability is reported in versions prior to 6.x-1.7 and 5.x-1.7. SOLUTION: Update to the latest version. LoginToboggan module 6.x: Update to version 6.x-1.7. http://drupal.org/node/797158 LoginToboggan module 5.x: Update to version 5.x-1.7. http://drupal.org/node/797154 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SA-CONTRIB-2010-042: http://drupal.org/node/797142 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 16:54:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 01:54:43 +0200 Subject: [SEC] [SA39807] Drupal Auto Assign Role Module Security Bypass Message-ID: <201005132354.o4DNshAE028178@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Auto Assign Role Module Security Bypass SECUNIA ADVISORY ID: SA39807 VERIFY ADVISORY: http://secunia.com/advisories/39807/ DESCRIPTION: A security issue has been reported in the Auto Assign Role module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. An error in the handling of access permissions can be exploited to view the contents of otherwise restricted nodes. Successful exploitation requires "administer autoassignrole" permissions. The security issue is reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2. http://drupal.org/node/795926 PROVIDED AND/OR DISCOVERED BY: The vendor credits mr.baileys ORIGINAL ADVISORY: SA-CONTRIB-2010-045: http://drupal.org/node/797216 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 17:07:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 02:07:53 +0200 Subject: [SEC] [SA39809] Drupal Award Module Script Insertion Vulnerability Message-ID: <201005140007.o4E07r95016020@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Award Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39809 VERIFY ADVISORY: http://secunia.com/advisories/39809/ DESCRIPTION: A vulnerability has been reported in the Award module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the award title is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session when the malicious data is being viewed. Successful exploitation requires permissions to create Award content. The vulnerability is reported in versions prior to 6.x-1.1 and 5.x-1.2. SOLUTION: Update to the latest version. Award module 6.x: Update to version 6.x-1.1. http://drupal.org/node/795828 Award module 5.x: Update to version 5.x-1.2. http://drupal.org/node/795836 PROVIDED AND/OR DISCOVERED BY: The vendor credits Martin Barbella. ORIGINAL ADVISORY: SA-CONTRIB-2010-046: http://drupal.org/node/797236 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 17:21:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 02:21:36 +0200 Subject: [SEC] [SA39763] MiniWebSvr Directory Traversal Vulnerability Message-ID: <201005140021.o4E0La2c003866@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: MiniWebSvr Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA39763 VERIFY ADVISORY: http://secunia.com/advisories/39763/ DESCRIPTION: A vulnerability has been discovered in MiniWebSvr, which can be exploited by malicious people to disclose sensitive information. An input sanitation error within the handling of HTTP requests can be exploited to display arbitrary files outside the web root directory via traversal sequences of the form "/%c0.%c0.". The vulnerability is confirmed in version 0.0.10. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Dr_IDE ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 17:42:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 02:42:35 +0200 Subject: [SEC] [SA39810] Drupal Bibliography Module Script Insertion Vulnerability Message-ID: <201005140042.o4E0gZD4024449@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Bibliography Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39810 VERIFY ADVISORY: http://secunia.com/advisories/39810/ DESCRIPTION: A vulnerability has been reported in the Bibliography module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires "administer biblio" permissions. The vulnerability is reported in versions prior to 6.x-1.11 and 5.x-1.20. SOLUTION: Update to the latest version. Bibliography module 6.x: Update to version 6.x-1.11. http://drupal.org/node/796502 Bibliography module 5.x: Update to version 5.x-1.20. http://drupal.org/node/796498 PROVIDED AND/OR DISCOVERED BY: The vendor credits Martin Barbella ORIGINAL ADVISORY: SA-CONTRIB-2010-044: http://drupal.org/node/797192 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 17:54:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 02:54:53 +0200 Subject: [SEC] [SA39774] Fedora update for xar Message-ID: <201005140054.o4E0srDd012228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for xar SECUNIA ADVISORY ID: SA39774 VERIFY ADVISORY: http://secunia.com/advisories/39774/ DESCRIPTION: Fedora has issued an update for xar. This fixes a security issue, which can potentially be exploited to bypass certain security restrictions. A design error in xar when validating package signatures may result in manipulated packages appearing as validly signed. SOLUTION: Apply updated packages via the yum utility ("yum update xar"). ORIGINAL ADVISORY: FEDORA-2010-7631: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041276.html FEDORA-2010-7670: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041305.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 18:07:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 03:07:36 +0200 Subject: [SEC] [SA39733] Cisco PGW 2200 Softswitch Multiple Denial of Service Vulnerabilities Message-ID: <201005140107.o4E17ak6032453@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Cisco PGW 2200 Softswitch Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA39733 VERIFY ADVISORY: http://secunia.com/advisories/39733/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco PGW 2200 Softswitch, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) Multiple unspecified errors exist in the processing of Session Initiation Protocol (SIP) messages, which can be exploited to cause an affected system to crash. 2) An unspecified error exists in the processing of Media Gateway Control Protocol (MGCP) messages, which can be exploited to cause an affected system to crash. 3) An unspecified error can be exploited to exhaust all TCP sockets and cause an affected system to be unable to accept or create new TCP connections. SOLUTION: Update to Cisco PGW 2200 Softswitch version 9.7(3)S11 or 9.8(1)S5 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco (cisco-sa-20100512-pgw): http://www.cisco.com/en/US/products/products_security_advisory09186a0080b2c519.shtml OTHER REFERENCES: Cisco Applied Mitigation Bulletin: http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b2c51a.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 18:21:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 03:21:51 +0200 Subject: [SEC] [SA39806] Drupal CiviRegister Module Script Insertion Vulnerability Message-ID: <201005140121.o4E1Lpbq020317@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal CiviRegister Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA39806 VERIFY ADVISORY: http://secunia.com/advisories/39806/ DESCRIPTION: A vulnerability has been reported in the CiviRegister module for Drupal, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed via the URL is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that the victim has "administer CiviCRM" permissions. The vulnerability is reported in versions prior to 6.x-1.1. SOLUTION: Update to version 6.x-1.1. http://drupal.org/node/797342 PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SA-CONTRIB-2010-048: http://drupal.org/node/797352 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 18:42:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 03:42:38 +0200 Subject: [SEC] [SA39801] Pidgin MSN SLP Message Custom Emoticon Denial of Service Weakness Message-ID: <201005140142.o4E1gcrX008500@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Pidgin MSN SLP Message Custom Emoticon Denial of Service Weakness SECUNIA ADVISORY ID: SA39801 VERIFY ADVISORY: http://secunia.com/advisories/39801/ DESCRIPTION: A weakness has been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to insufficient input validation in libpurple's MSN protocol plugin when processing SLP packets related to custom emoticons. This can be exploited to crash the application via a specially crafted SLP message. SOLUTION: Update to version 2.7.0. PROVIDED AND/OR DISCOVERED BY: The vendor credits Pierre Nogu?s, Meta Security. ORIGINAL ADVISORY: http://www.pidgin.im/news/security/index.php?id=46 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 18:55:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 03:55:02 +0200 Subject: [SEC] [SA39775] Fedora update for boa Message-ID: <201005140155.o4E1t2eM028680@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for boa SECUNIA ADVISORY ID: SA39775 VERIFY ADVISORY: http://secunia.com/advisories/39775/ DESCRIPTION: Fedora has issued an update for boa. This fixes a weakness, which can be exploited by malicious people to manipulate certain data. The weakness is caused due to terminal escape sequences received in HTTP requests being logged. This can be exploited to pass control characters to a terminal emulator when a user displays a log. SOLUTION: Apply updated packages via the yum utility ("yum update boa"). ORIGINAL ADVISORY: FEDORA-2010-7645: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041274.html FEDORA-2010-7640: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041271.html OTHER REFERENCES: http://www.ush.it/team/ush/hack_httpd_escape/adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu May 13 19:10:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 04:10:22 +0200 Subject: [SEC] [SA39765] Fedora update for lighttpd Message-ID: <201005140210.o4E2AMmS016923@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for lighttpd SECUNIA ADVISORY ID: SA39765 VERIFY ADVISORY: http://secunia.com/advisories/39765/ DESCRIPTION: Fedora has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA38403 SOLUTION: Apply updated packages via the yum utility ("yum update lighttpd"). ORIGINAL ADVISORY: FEDORA-2010-7636: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041264.html FEDORA-2010-7643: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041307.html OTHER REFERENCES: SA38403: http://secunia.com/SA38403/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 10:27:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 19:27:51 +0200 Subject: [SEC] [SA39828] NPDS REvolution Cross-Site Request Forgery and Script Insertion Vulnerabilities Message-ID: <201005141727.o4EHRpUA006457@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: NPDS REvolution Cross-Site Request Forgery and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA39828 VERIFY ADVISORY: http://secunia.com/advisories/39828/ DESCRIPTION: Cut-Me-Own-Throat Dibbler has discovered some vulnerabilities in NPDS REvolution, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks. 1) Input passed via e.g. the "name" parameter to user.php while updating user profile is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. NOTE: Other scripts and parameters may also be affected. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking a logged in administrator into visiting a malicious web site. The vulnerabilities are confirmed in version 10.02. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Cut-Me-Own-Throat Dibbler ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 11:28:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 20:28:03 +0200 Subject: [SEC] [SA39824] NPDS REvolution Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201005141828.o4EIS3or028803@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: NPDS REvolution Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA39824 VERIFY ADVISORY: http://secunia.com/advisories/39824/ DESCRIPTION: Some vulnerabilities have been discovered in NPDS REvolution, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "sortby" parameter in download.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed to the "topic" parameter in viewtopic.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via arbitrary parameters to various scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Examples: http://[host]/forum.php?[code] http://[host]/viewtopic.php?[code] http://[host]/map.php?[code] The vulnerabilities are confirmed in version 10.02. Prior versions may also be affected. SOLUTION: Apply vendor patch. PROVIDED AND/OR DISCOVERED BY: 1, 2) High-Tech Bridge SA 3) Reported by the vendor ORIGINAL ADVISORY: NPDS REvolution: http://www.npds.org/viewtopic.php?topic=24851&forum=12 High-Tech Bridge SA: http://www.htbridge.ch/advisory/blind_sql_injection_vulnerability_in_NPDSREvolution.html http://www.htbridge.ch/advisory/xss_vulnerability_in_npds.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 12:27:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 21:27:39 +0200 Subject: [SEC] [SA39822] Zend Framework Dojo Toolkit Redirection Weaknesses and Cross-Site Scripting Message-ID: <201005141927.o4EJRd1q018733@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Zend Framework Dojo Toolkit Redirection Weaknesses and Cross-Site Scripting SECUNIA ADVISORY ID: SA39822 VERIFY ADVISORY: http://secunia.com/advisories/39822/ DESCRIPTION: Some weaknesses and vulnerabilities have been reported in Zend Framework, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks. The weaknesses and vulnerabilities are caused due to the use of a vulnerable version of Dojo Toolkit. For more information: SA38964 SOLUTION: Update to version 1.10.3 or 1.9.8 or later and redeploy Dojo. ORIGINAL ADVISORY: http://framework.zend.com/security/advisory/ZF2010-07 OTHER REFERENCES: SA38964: http://secunia.com/advisories/38964/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 13:27:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 22:27:36 +0200 Subject: [SEC] [SA39821] Fedora update for mysql Message-ID: <201005142027.o4EKRam1008681@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for mysql SECUNIA ADVISORY ID: SA39821 VERIFY ADVISORY: http://secunia.com/advisories/39821/ DESCRIPTION: Fedora has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to manipulate certain data. For more information: SA39454 SOLUTION: Apply updated packages via the yum utility ("yum update mysql"). ORIGINAL ADVISORY: FEDORA-2010-7355: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041334.html FEDORA-2010-7414: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041367.html OTHER REFERENCES: SA39454: http://secunia.com/advisories/39454/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 14:23:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 23:23:38 +0200 Subject: [SEC] [SA39787] Ubuntu update for kdenetwork Message-ID: <201005142123.o4ELNcbY030829@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for kdenetwork SECUNIA ADVISORY ID: SA39787 VERIFY ADVISORY: http://secunia.com/advisories/39787/ DESCRIPTION: Ubuntu has issued an update for kdenetwork. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security features and to compromise a user's system. For more information: SA39528 SOLUTION: Apply updated packages. -- Ubuntu 9.04 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2-0ubuntu2.3.diff.gz Size/MD5: 36775 6a8af519ab911b42c02c83c28512df42 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2-0ubuntu2.3.dsc Size/MD5: 2167 217f5efe918c9406671b3f68714f27bd http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2.orig.tar.gz Size/MD5: 7998863 12e63f41947eab454f579f8f456f79d5 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.2.2-0ubuntu2.3_all.deb Size/MD5: 26164 8aad393a8c6f9b45560629bb65eccd95 http://security.ubuntu.com/ubuntu/pool/universe/k/kdenetwork/kopete-plugin-otr-kde4_4.2.2-0ubuntu2.3_all.deb Size/MD5: 25930 c1431376f8d13b6e08624df67d966614 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 61004 d71fa2cdb6f43998a348d6b21a2bbe38 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 55996270 7864bdf750ea7a72558d24dc3ced5271 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 187616 e67f975a80469376ebb5af26d045db82 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 635376 9bf591a889d6e127ccf83e95300074e9 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 1346462 021c5f4e5db6286a103057d74c0b3281 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 7344300 f0f99bf525d766702e7e674a299771f4 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 708854 ae532936a89bfa3f8075de2cb36ff807 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 398284 bdbfcf7f042a9939d4232499f491a513 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_amd64.deb Size/MD5: 466328 15cdb669bff2fba3079939f8076e4db9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 56162 24890ffe7e250bb0bb3ea10f26242f46 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 55359476 dcb01239813d7c3b1129cced371de00c http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 180506 cfc9e3dc5a7caf2267e01f45d00e8095 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 609408 63d5687455ab22147fa5b0642707cb54 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 1311050 cbbe6c7b16430d152f3f340a588a723e http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 7005996 d92734b3d44c914b81121d4d2c4f40ef http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 689604 7c10cdc5212543c0177f2abe1a82cafa http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 388860 cae692d52760290721be35b680c2e236 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_i386.deb Size/MD5: 460736 d69ab19ba5b8206344f76ed7629c0672 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 56434 dd826aa96020ade7b1ae669c9d0bee12 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 55424634 4b484c7106d9ae834f8d7589e6dd9bf4 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 180308 7682a74871408f8f516effbe16b3a131 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 624058 4f00e180aa09d6f1963341d3440d7892 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 1320932 418cdd5dc552eda619ab95c070fc79f9 http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 7048542 e8e80aba783e99ed94ac11bb48a8f443 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 695420 e58d3c6307a00ac81670448f05112e54 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 391594 58d0f6833dad3fc5e1cff266ef8a963b http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_lpia.deb Size/MD5: 462204 d838455fe3616defec605385a87739ae powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 61934 4440ab0efce1523ab2e222478eb323e5 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 58841478 fc8aa37d150be45d14c0d4084f32b08c http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 191220 8e82e2b3c085669bf563f85c78944c41 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 656476 defd14428fb678a3a9aaf22c0fd836a5 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 1390460 e102452663bfac562e7108a8a710b6b1 http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 7410846 f0137d96a4ae4e5eeb81fec49b0ec395 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 706054 a2ff5a18db7df9caadd7c13785cd2e21 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 397886 2c04d87997f72b97a5c6bb4f0a9b477a http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_powerpc.deb Size/MD5: 466632 2af258554b6bae4e0a3a5a644bd11fa8 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 55116 e725014d071958b67bdc53b14a964ce7 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 55121252 76bd2b02862ec39c5b3e71b13bda0cf1 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dev_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 179814 e0cf2dfbc426329f124caddb50ec76c6 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 650470 ab9461f0d98b42da5f07706f933317d2 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 1330122 33a0d874942ea6e64f0e96334702b7ed http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 7139808 2e39f3523ba3676d5dcc18eae0f4248a http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 707380 a506a81af1e81deded12d9176109f147 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 402042 260dad081331362ae089d336745e0563 http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.2.2-0ubuntu2.3_sparc.deb Size/MD5: 467340 0df8690fdee706f926d169eb7b9d72d7 -- Ubuntu 9.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2-0ubuntu4.1.diff.gz Size/MD5: 49608 d171ba8c8bf38db27cce3533b695c324 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2-0ubuntu4.1.dsc Size/MD5: 2336 2066dd83aa643a2044c8582968ca9846 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2.orig.tar.gz Size/MD5: 8303321 b973ab4f9d005e8af52f42d3d3989f78 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork_4.3.2-0ubuntu4.1_all.deb Size/MD5: 33346 2b0083fa2f492505c4d5f19a9bb3e417 http://security.ubuntu.com/ubuntu/pool/universe/k/kdenetwork/kopete-plugin-otr-kde4_4.3.2-0ubuntu4.1_all.deb Size/MD5: 33112 796bf485ecd474bb5b15d8be7384af68 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 53786 fdc1d7697b203026d1b6431e7b5d0b76 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 30547358 27daebc38b2f3239e6fd524c6f3188d8 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 353054 52155ebf77af8ee0e66b7730521bb437 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 1077286 330cfbf464dd3ea5c0c35cff4c4bf10f http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 5383038 e127e9a4765f94bf558b0e2cbdc44644 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 603802 43f8f2a54f73ddaf836fd879cedf96f7 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 403704 56e633ed3be28d94afb30b29ce9b10e4 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 455306 b42bec391d435408b499c8fb1134b166 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 112642 61b30a923925303bd68f3138dc9688ca http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_amd64.deb Size/MD5: 381986 38252cdf28713bf92fa485c038148b46 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 52238 e5695d1a7057fea135d350a993e4d06c http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 30195210 154d7e066e3fcf99f02451fcab5461ad http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 333700 2026b4db1d1a1c411d08100e93916acc http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 1064034 cfed546b2e496f7714c0e0398cb5ad35 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 5197500 c6136d2fd6a56267f342781291bf5382 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 591336 1460e8b55335823dbe53013f8869123d http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 393898 8ce0697073b5fa1f2d539006fbfdad69 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 451184 13afd3ce4fc6ebaf9d2d427e3a5a0d79 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 112650 21e5387ccb603c39c179453523d0da20 http://security.ubuntu.com/ubuntu/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_i386.deb Size/MD5: 364400 6e390aa840164c73a258029b7b4a5bb4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 52546 12fce31edd68ef33759d947365453014 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 30274592 ab8db15984922077b96fd180866aafe6 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 343280 1be2db10f8260b63fff6a00fe2983643 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 1089894 d7f32f47a184416fbc40dcc4921a0bbc http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 5284270 a4017a7c59b1ddbcf543b11ecd2d5d29 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 603762 66efad6b68fbc6221e2b2ceab664ce47 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 398304 b47f9f31cedb427f1e5c665e4d65cdaa http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 453220 06a7f9dcfea03b8dd3ce7f70fe83d581 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 112690 00073caaeb856c3aa8f4a53fd3ad610a http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_lpia.deb Size/MD5: 372508 c565979ce1651be50608cd5aa2db219f powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 50916 b491aa86af24bbe2bc5811d723b51869 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 30304690 9153d362a22b727cc204f3cf7813148f http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 306004 3a4e8beec6f71354f5b7920939d58009 http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 1000272 4956b7033252449b144d71093a3e83ec http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 4931610 d5633953620beb23f69697fee16a1237 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 579726 4a959c2af6b403b069ffbc3b090553aa http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 389778 67424f78c1231dc251e073c8aeb73e3d http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 450156 04824dfc0c02ec1d6db1e8372424a7c7 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 112676 4e9221c8212011bc1ccbe5b2f41650c4 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_powerpc.deb Size/MD5: 342864 6a5cd525e9239ab5c375d66a82fcfe7d sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdenetwork/kde-zeroconf_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 50278 9691f810d00ddae5f50426facf8ff7ca http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-dbg_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 27742788 fe3d0621a9e9ce04ad04a4309255e547 http://ports.ubuntu.com/pool/main/k/kdenetwork/kdenetwork-filesharing_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 307852 b975d548a77a9d499e460e92d117086b http://ports.ubuntu.com/pool/main/k/kdenetwork/kget_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 972896 7c6d494d00e8711aa57c35c7a55f3f8a http://ports.ubuntu.com/pool/main/k/kdenetwork/kopete_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 4871566 82e007e72cb3426f277856abc624a1b4 http://ports.ubuntu.com/pool/main/k/kdenetwork/kppp_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 584610 7b5865091beaae955e84cc636174f774 http://ports.ubuntu.com/pool/main/k/kdenetwork/krdc_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 387328 cbee8839813368202ec26cceabf16e6f http://ports.ubuntu.com/pool/main/k/kdenetwork/krfb_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 452414 881b05085cae03e930c6af4791e5e126 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete-dev_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 112672 020e44bd6e8a1bfe264212d5da718c93 http://ports.ubuntu.com/pool/main/k/kdenetwork/libkopete4_4.3.2-0ubuntu4.1_sparc.deb Size/MD5: 333616 99477110177d40a0ef1f8d74a5502764 ORIGINAL ADVISORY: USN-938-1: http://www.ubuntu.com/node/2316 OTHER REFERENCES: SA39528: http://secunia.com/advisories/39528/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 14:43:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 23:43:09 +0200 Subject: [SEC] [SA39826] Press Release Script "id" SQL Injection Vulnerability Message-ID: <201005142143.o4ELh9QK019036@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Press Release Script "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA39826 VERIFY ADVISORY: http://secunia.com/advisories/39826/ DESCRIPTION: A vulnerability has been reported in Press Release Script, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to page.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: R3d-D3v!L ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 14:55:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 14 May 2010 23:55:22 +0200 Subject: [SEC] [SA39823] Fedora update for mod_auth_shadow Message-ID: <201005142155.o4ELtMaG006840@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for mod_auth_shadow SECUNIA ADVISORY ID: SA39823 VERIFY ADVISORY: http://secunia.com/advisories/39823/ DESCRIPTION: Fedora has issued an update for mod_auth_shadow. This fixes a vulnerability, which can potentially be exploited by malicious people to bypass certain security restrictions. For more information: SA39502 SOLUTION: Apply updated packages via the yum utility ("yum update mod_auth_shadow"). ORIGINAL ADVISORY: FEDORA-2010-6323: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041326.html FEDORA-2010-6359: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041340.html OTHER REFERENCES: SA39502: http://secunia.com/advisories/39502/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 15:08:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 00:08:40 +0200 Subject: [SEC] [SA39827] Fedora update for php-ZendFramework Message-ID: <201005142208.o4EM8emF027072@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for php-ZendFramework SECUNIA ADVISORY ID: SA39827 VERIFY ADVISORY: http://secunia.com/advisories/39827/ DESCRIPTION: Fedora has issued an update for php-ZendFramework. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks. For more information: SA39822 SOLUTION: Apply updated packages via the yum utility ("yum update php-ZendFramework"). ORIGINAL ADVISORY: FEDORA-2010-8495: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041342.html FEDORA-2010-8498: http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041344.html OTHER REFERENCES: SA39822: http://secunia.com/advisories/39822/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 15:22:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 00:22:23 +0200 Subject: [SEC] [SA39816] Joomla Konsultasi Component "sid" SQL Injection Vulnerability Message-ID: <201005142222.o4EMMNdr014930@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla Konsultasi Component "sid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA39816 VERIFY ADVISORY: http://secunia.com/advisories/39816/ DESCRIPTION: A vulnerability has been discovered in the Konsultasi component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "sid" parameter to index.php (when "option" is set to "com_konsultasi" and "act" is set to "detail") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: c4uR ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 15:43:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 00:43:31 +0200 Subject: [SEC] [SA39665] phpGroupWare SQL Injection and Local File Inclusion Vulnerabilities Message-ID: <201005142243.o4EMhVux003110@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: phpGroupWare SQL Injection and Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA39665 VERIFY ADVISORY: http://secunia.com/advisories/39665/ DESCRIPTION: Some vulnerabilities have been reported in phpGroupWare, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information. 1) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Certain unspecified input is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences. The vulnerabilities are reported in versions prior to 0.9.16.016. SOLUTION: Update to version 0.9.16.016. PROVIDED AND/OR DISCOVERED BY: The vendor credits Vupen. ORIGINAL ADVISORY: http://lists.gnu.org/archive/html/phpgroupware-users/2010-05/msg00004.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 15:57:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 00:57:00 +0200 Subject: [SEC] [SA39731] Debian update for phpgroupware Message-ID: <201005142257.o4EMv0vw023360@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for phpgroupware SECUNIA ADVISORY ID: SA39731 VERIFY ADVISORY: http://secunia.com/advisories/39731/ DESCRIPTION: Debian has issued an update for phpgroupware. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information. For more information: SA39665 SOLUTION: Apply updated packages. -- Debian GNU/Linux 5.0 alias lenny -- Source archives: http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg.orig.tar.gz Size/MD5 checksum: 19383160 bbfcfa12aca69b4032d7b4d38aeba85f http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2.dsc Size/MD5 checksum: 1662 1a1ff2d6badf454ba2b948ee1268e57b http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2.diff.gz Size/MD5 checksum: 74293 9ba66bc79bc0f5bb6454a3372bc2bfd8 Architecture independent packages: http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-filemanager_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 91562 51f6a2473368c6c21d19b8fd6349635f http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi-doc_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 7985242 c19ed260050702c356c4d14db87e3f0d http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 20158 c09431d20a4d833841340ea79e03854d http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-setup_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 281402 2fc54aa2367098332f67b846b17d8c7a http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core-base_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 48876 41cc095cbbc3bd97ae36754405df60b9 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-email_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 1167580 4b63e0460fb590082a29391d26331b1e http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-phpgwapi_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 1529004 52216c8fa04c49ebf2d5d12aa6a8013a http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 22522 783f747d25f32fe4024db807a0727261 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-core_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 4726 0a3140a4bdc80c8b421ef865c1f730d3 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-doc_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 130240 dc11591ae411a496bc5828d88eaed65d http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-todo_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 50810 b632b74158236fea55b5014830c26369 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-preferences_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 60432 8355e743ea535fbb8b5afef5bcb196bb http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-manual_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 93564 f44dbd8f6b2902d4980c4ec23d955d02 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-news-admin_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 41194 9ed410fd27d8e0c7430a90fa2eaabb70 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-calendar_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 270288 ffa447f1b07658090d9acdec93ef31a5 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-admin_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 188302 84057847fe79ad066a751a0b5f1abef7 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-addressbook_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 176400 0294b85b1e34e7879edbc4ee832dfa43 http://security.debian.org/pool/updates/main/p/phpgroupware/phpgroupware-0.9.16-notes_0.9.16.012+dfsg-8+lenny2_all.deb Size/MD5 checksum: 33074 95aff5b1efc3ba4eeb3a5756549ae070 ORIGINAL ADVISORY: DSA-2046-1: http://lists.debian.org/debian-security-announce/2010/msg00087.html OTHER REFERENCES: SA39665: http://secunia.com/advisories/39665/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 16:21:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 01:21:47 +0200 Subject: [SEC] [SA39825] HP MFP Digital Sending Software Unauthorised Access Message-ID: <201005142321.o4ENLlBq011714@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP MFP Digital Sending Software Unauthorised Access SECUNIA ADVISORY ID: SA39825 VERIFY ADVISORY: http://secunia.com/advisories/39825/ DESCRIPTION: A vulnerability has been reported in HP MFP Digital Sending Software, which can be exploited by malicious people with local access to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to gain unauthorised access to functionality (e.g. "Send to e-mail") of an HP Multifunction Peripheral (MFP) controlled by the HP Digital Sending Software. The vulnerability is reported in HP MFP Digital Sending Software prior to version 4.18.3 running on Windows. SOLUTION: Update to HP MFP Digital Sending Software version 4.18.3. HP MFP Digital Sending Software v4.18.3 File (dss4183.zip): SHA1: 1b81-94a7-8a8e-d12e-f2e9-038e-2de2-c9a1-daa5-c32c ftp://ftp.usa.hp.com (user:dss4183 / password:Costing9) PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBPI02532 SSRT100111: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02161624 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 16:42:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 01:42:42 +0200 Subject: [SEC] [SA39729] RuubikCMS Cross-Site Scripting and Cross-Site Request Forgery Message-ID: <201005142342.o4ENgg9n032287@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: RuubikCMS Cross-Site Scripting and Cross-Site Request Forgery SECUNIA ADVISORY ID: SA39729 VERIFY ADVISORY: http://secunia.com/advisories/39729/ DESCRIPTION: Grabpot Thundergust has discovered some vulnerabilities in RuubikCMS, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. create additional administrative users if a logged-in administrative user visits a specially crafted web site. 2) Input passed via the "p" parameter to cms/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow links from untrusted sources when being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Grabpot Thundergust ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 16:54:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 01:54:49 +0200 Subject: [SEC] [SA39755] Joomla Dione Form Wizard Component "controller" File Inclusion Vulnerability Message-ID: <201005142354.o4ENsn5Z020064@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla Dione Form Wizard Component "controller" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA39755 VERIFY ADVISORY: http://secunia.com/advisories/39755/ DESCRIPTION: A vulnerability has been reported in the Dione Form Wizard component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "controller" parameter in index.php (when "option" is set to "com_dioneformwizard") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerability is reported in version 1.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Chip D3 Bi0s ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri May 14 17:07:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 15 May 2010 02:07:44 +0200 Subject: [SEC] [SA39745] ocPortal Cross-Site Request Forgery Vulnerability Message-ID: <201005150007.o4F07inI007891@CRON-IX-2.intnet> ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ocPortal Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA39745 VERIFY ADVISORY: http://secunia.com/advisories/39745/ DESCRIPTION: Grabpot Thundergust has discovered a vulnerability in ocPortal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests and fails to properly check the validity of the requests. This can be exploited to e.g. create additional administrative users if a logged-in administrative user visits a specially crafted web site. The vulnerability is confirmed in version 4.3.2. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow links from untrusted sources while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Grabpot Thundergust ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ------------------------------------