From sec-adv at secunia.com Fri Oct 1 10:28:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Oct 2010 19:28:07 +0200 Subject: [SEC] [SA41666] Zen Cart Multiple Vulnerabilities Message-ID: <201010011728.o91HS769025323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Zen Cart Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41666 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41666/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41666 RELEASE DATE: 2010-10-01 DISCUSS ADVISORY: http://secunia.com/advisories/41666/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41666/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41666 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Zen Cart, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks and to disclose sensitive information. 1) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. These vulnerabilities are reported in versions prior to 1.3.9.g. 3) Input passed via the "typefilter" parameter to index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. This vulnerability is confirmed in version 1.3.9.f. Prior versions may also be affected. SOLUTION: Update to version 1.3.9.g. PROVIDED AND/OR DISCOVERED BY: 1,2) Provided by the vendor 3) Gjoko Krstic, Zero Science Lab ORIGINAL ADVISORY: Zen Cart: http://www.zen-cart.com/forum/showthread.php?t=165017 ZSL-2010-4967: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4967.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 11:28:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Oct 2010 20:28:56 +0200 Subject: [SEC] [SA41621] FreeRADIUS Two Denial of Service Vulnerabilities Message-ID: <201010011828.o91ISu5s015622@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FreeRADIUS Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41621 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41621/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41621 RELEASE DATE: 2010-10-01 DISCUSS ADVISORY: http://secunia.com/advisories/41621/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41621/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41621 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in FreeRADIUS, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error when processing requests queued for more than 30 seconds in main/event.c can be exploited to cause the process to crash by sending high volume of requests for an extended period of time. 2) An error when processing DHCP requests with the "Relay Agent Information" option (82) in lib/dhcp.c can be exploited to cause an infinite loop in the process denying further requests via a packet with multiple sub-options. The vulnerabilities are reported in version 2.1.9. Other versions may also be affected. SOLUTION: Update to version 2.1.10. PROVIDED AND/OR DISCOVERED BY: Reported in a bug report by: 1) Florence Faure 2) Ilya A. Masandilov ORIGINAL ADVISORY: http://freeradius.org/press/index.html#2.1.10 https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=35 https://bugs.freeradius.org/bugzilla/show_bug.cgi?id=77 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 12:29:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Oct 2010 21:29:37 +0200 Subject: [SEC] [SA41609] Barracuda Spam & Virus Firewall "locale" Directory Traversal Vulnerability Message-ID: <201010011929.o91JTb19005886@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Barracuda Spam & Virus Firewall "locale" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41609 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41609/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41609 RELEASE DATE: 2010-10-01 DISCUSS ADVISORY: http://secunia.com/advisories/41609/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41609/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41609 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Barracuda Spam & Virus Firewall, which can be exploited by malicious users to disclose sensitive information. Input passed to the "locale" parameter in cgi-mod/view_help.cgi is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks and URL-encoded NULL bytes. The vulnerability is reported in version 4.1.1.021. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: ShadowHatesYou ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15130/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 13:30:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Oct 2010 22:30:18 +0200 Subject: [SEC] [SA41689] Openswan XAUTH Multiple Vulnerabilities Message-ID: <201010012030.o91KUIUF028570@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Openswan XAUTH Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41689 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41689/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41689 RELEASE DATE: 2010-10-01 DISCUSS ADVISORY: http://secunia.com/advisories/41689/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41689/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41689 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Openswan, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing the "cisco_dns_info" and "cisco_domain_info" fields can be exploited to cause a buffer overflow via a specially crafted packet with DNS payload. 2) A boundary error when processing the "cisco_banner" or "server_banner" fields can be exploited to cause a buffer overflow via a string longer than 500 characters. NOTE: This vulnerability was introduced in version 2.6.26. 3) An input sanitation error when processing the "cisco_dns_info", "cisco_domain_info", "cisco_banner", and "server_banner" fields can be exploited to inject arbitrary shell commands via a specially crafted string. Successful exploitation of these vulnerabilities may allow execution of arbitrary code but requires tricking a user into connecting to a malicious Cisco compatible gateway using Extended Authentication (XAUTH). The vulnerabilities are reported in version 2.6.25 through 2.6.28. SOLUTION: Apply patches or update to version 2.6.29 PROVIDED AND/OR DISCOVERED BY: The vendor credits D. Hugh Redelmeier and Paul Wouters. ORIGINAL ADVISORY: http://www.openswan.org/security/CVE-2010-3302.php http://www.openswan.org/security/CVE-2010-3308.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 14:23:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Oct 2010 23:23:30 +0200 Subject: [SEC] [SA41687] Novell iManager "getMultiPartParameters()" Arbitrary File Upload Vulnerability Message-ID: <201010012123.o91LNUOB018513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Novell iManager "getMultiPartParameters()" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA41687 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41687/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41687 RELEASE DATE: 2010-10-01 DISCUSS ADVISORY: http://secunia.com/advisories/41687/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41687/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41687 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell iManager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the "getMultiPartParameters()" function improperly validating uploaded files. This can be exploited to upload content to arbitrary files. This may be related to: SA40198 The vulnerability is reported in versions prior to 2.7.3 FTF3. SOLUTION: Update to version 2.7.3 FTF3 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Stephen Fewer, Harmony Security via ZDI. ORIGINAL ADVISORY: Novell: http://www.novell.com/support/viewContent.do?externalId=7006515 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 14:44:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 1 Oct 2010 23:44:22 +0200 Subject: [SEC] [SA41686] IBM DB2 Administration Server Buffer Overflow Vulnerability Message-ID: <201010012144.o91LiMvT007008@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM DB2 Administration Server Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41686 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41686/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41686 RELEASE DATE: 2010-10-01 DISCUSS ADVISORY: http://secunia.com/advisories/41686/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41686/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41686 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM DB2, which can be exploited by malicious users or malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to cause a buffer overflow. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 9.5 Fix Pack 6a. SOLUTION: Update to version 9.5 Fix Pack 6a. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IC70538): ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 15:12:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Oct 2010 00:12:59 +0200 Subject: [SEC] [SA41670] TikiWiki CMS/Groupware Multiple Vulnerabilities Message-ID: <201010012212.o91MCxqk028344@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: TikiWiki CMS/Groupware Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41670 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41670/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41670 RELEASE DATE: 2010-10-01 DISCUSS ADVISORY: http://secunia.com/advisories/41670/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41670/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41670 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in TikiWiki CMS/Groupware, which can be exploited by malicious users to disclose sensitive information and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. For more information: SA41630 The vulnerabilities are reported in versions prior to 3.8. SOLUTION: Update to version 3.8. ORIGINAL ADVISORY: Tiki Wiki: http://info.tiki.org/article113-Tiki-Wiki-CMS-Groupware-Releases-5-3-and-3-8-LTS-Security-Patches OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 15:46:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Oct 2010 00:46:29 +0200 Subject: [SEC] [SA41682] Apache XML-RPC Information Disclosure Vulnerability Message-ID: <201010012246.o91MkT6k017384@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Apache XML-RPC Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA41682 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41682/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41682 RELEASE DATE: 2010-10-02 DISCUSS ADVISORY: http://secunia.com/advisories/41682/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41682/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41682 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache XML-RPC, which can potentially be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to the SAX Parser allowing to include external entities, which can be exploited by a client to include server side resources. The vulnerability is reported in versions prior to 3.1.3. SOLUTION: Update to version 3.1.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Johan H?gre. ORIGINAL ADVISORY: http://ws.apache.org/xmlrpc/changes-report.html#a3.1.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 1 16:12:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 2 Oct 2010 01:12:03 +0200 Subject: [SEC] [SA41681] Joomla! JE Directory Component "catid" SQL Injection Vulnerability Message-ID: <201010012312.o91NC3cd006098@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! JE Directory Component "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41681 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41681/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41681 RELEASE DATE: 2010-10-02 DISCUSS ADVISORY: http://secunia.com/advisories/41681/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41681/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41681 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the JE Directory component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "catid" parameter to index.php (when "option" is set to "com_jedirectory" and "view" is set to "item") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Easy Laster OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 10:28:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Oct 2010 19:28:14 +0200 Subject: [SEC] [SA41699] Evaria ECMS "config" File Disclosure Vulnerability Message-ID: <201010041728.o94HSElm010905@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Evaria ECMS "config" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA41699 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41699/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41699 RELEASE DATE: 2010-10-04 DISCUSS ADVISORY: http://secunia.com/advisories/41699/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41699/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41699 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Evaria ECMS, which can be exploited by malicious people to disclose sensitive information. Input passed to the "config" parameter in admin/poll.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: khayeye shotor OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 11:28:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Oct 2010 20:28:18 +0200 Subject: [SEC] [SA41674] Mercurial Common Name Verification Security Issue Message-ID: <201010041828.o94ISIrT001104@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mercurial Common Name Verification Security Issue SECUNIA ADVISORY ID: SA41674 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41674/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41674 RELEASE DATE: 2010-10-04 DISCUSS ADVISORY: http://secunia.com/advisories/41674/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41674/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41674 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Mercurial, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due the application not properly checking if the "Common Name" field provided inside SSL server certificates matches the requested hostname of a server. This can be exploited to e.g. conduct Man-in-the-Middle (MitM) attacks. The security issue is reported in versions prior to 1.6.4. SOLUTION: Update to version 1.6.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor ORIGINAL ADVISORY: http://mercurial.selenic.com/wiki/WhatsNew#A1.6.4_.282010-10-01.29 http://mercurial.selenic.com/bts/issue2407 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 12:28:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Oct 2010 21:28:22 +0200 Subject: [SEC] [SA41703] PhpMyShopping Multiple Vulnerabilities Message-ID: <201010041928.o94JSMEF023839@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PhpMyShopping Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41703 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41703/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41703 RELEASE DATE: 2010-10-04 DISCUSS ADVISORY: http://secunia.com/advisories/41703/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41703/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41703 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in PhpMyShopping, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "P" parameter to detail_article.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via "P" parameter to detail_article.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.0-r1505. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Metropolis OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 13:28:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Oct 2010 22:28:23 +0200 Subject: [SEC] [SA41704] jCart Multiple Vulnerabilities Message-ID: <201010042028.o94KSNxw014102@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: jCart Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41704 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41704/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41704 RELEASE DATE: 2010-10-04 DISCUSS ADVISORY: http://secunia.com/advisories/41704/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41704/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41704 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities and a weakness have been discovered in jCart, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and spoofing attacks. 1) Input passed via the "jcart_checkout_page" POST parameter to jcart/jcart-gateway.php is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. 2) The application allows user's to perform certain actions via HTTP requests without making validity checks to properly verify the requests. This can be exploited to e.g. change the content of a cart, by tricking a user into visiting a malicious web site. 3) Input passed via the "my-item-name" POST parameter to jcart/jcart-relay.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.1. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while using the application. Edit the source code to ensure that input is properly verified and sanitised. PROVIDED AND/OR DISCOVERED BY: p0deje OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 14:22:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Oct 2010 23:22:10 +0200 Subject: [SEC] [SA41536] BlackBerry Device Software Browser Cross-Origin Security Bypass Message-ID: <201010042122.o94LMAnE004088@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: BlackBerry Device Software Browser Cross-Origin Security Bypass SECUNIA ADVISORY ID: SA41536 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41536/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41536 RELEASE DATE: 2010-10-04 DISCUSS ADVISORY: http://secunia.com/advisories/41536/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41536/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41536 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in BlackBerry Device Software, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. The vulnerability is caused due to the browser not properly restricting cross-domain access, which can be exploited to access e.g. cookies of a web site that is embedded in an iframe. The vulnerability is confirmed on a BlackBerry 9700 in version 5.0.0.593 (Platform 5.1.0.147). SOLUTION: Do not browse untrusted web sites or follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: 599eme Man ORIGINAL ADVISORY: http://packetstormsecurity.org/1009-exploits/blackberry-crossorigin.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 14:43:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Oct 2010 23:43:20 +0200 Subject: [SEC] [SA41711] Hastymail2 Background Attributes Script Insertion Vulnerability Message-ID: <201010042143.o94LhKne025013@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Hastymail2 Background Attributes Script Insertion Vulnerability SECUNIA ADVISORY ID: SA41711 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41711/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41711 RELEASE DATE: 2010-10-04 DISCUSS ADVISORY: http://secunia.com/advisories/41711/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41711/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41711 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Julien Cayssol has reported a vulnerability in Hastymail2, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed via background attributes of a table cell element is not properly sanitised in lib/htmLawed.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 1.01. SOLUTION: Update to version 1.01. PROVIDED AND/OR DISCOVERED BY: Julien Cayssol ORIGINAL ADVISORY: http://www.hastymail.org/security/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 14:59:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 4 Oct 2010 23:59:12 +0200 Subject: [SEC] [SA41652] Subversion "mod_dav_svn" Security Bypass Message-ID: <201010042159.o94LxCvG013285@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Subversion "mod_dav_svn" Security Bypass SECUNIA ADVISORY ID: SA41652 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41652/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41652 RELEASE DATE: 2010-10-04 DISCUSS ADVISORY: http://secunia.com/advisories/41652/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41652/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41652 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Subversion, which can be exploited by malicious people to bypass certain security restrictions. The problem exists in the WebDAV module (mod_dav_svn) when performing authorization to scope-limited named repositories and can be exploited to gain access to a restricted portion of a repository. Successful exploitation requires the "SVNPathAuthz" directive to be set to "short_circuit" (not set by default). The security issue is reported in versions 1.5.0 through 1.5.7 and 1.6.0 through 1.6.12. SOLUTION: Update to version 1.5.8 or 1.6.13. PROVIDED AND/OR DISCOVERED BY: The vendor credits Kamesh Jayachandran and C. Michael Pilato. ORIGINAL ADVISORY: http://subversion.apache.org/security/CVE-2010-3315-advisory.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 15:26:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 00:26:43 +0200 Subject: [SEC] [SA41716] MySQL Multiple Vulnerabilities Message-ID: <201010042226.o94MQhsY002139@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: MySQL Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41716 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41716/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41716 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41716/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41716/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41716 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in MySQL, which can be exploited by malicious users to gain escalated privileges or cause a DoS (Denial of Service). 1) An error in MySQL replication when handling version specific comments can be exploited to execute arbitrary SQL statements with "SUPER" privileges on a slave if the master runs a lower server release version than the slave. This vulnerability is reported in versions prior to 5.1.50. 2) An error in the processing of arguments passed to e.g. the "LEAST()" or "GREATEST()" function can be exploited to cause the server to crash. 3) An error when materialising a derived table that requires a temporary table for grouping can be exploited to cause the server to crash. 4) An error exists due to the re-evaluation of expression values used for temporary tables, which can be exploited to cause the server to crash. 5) An error in the handling of the "GROUP_CONCAT()" statement in combination with "WITH ROLLUP" can be exploited to cause the server to crash. 6) An error within the handling of the "GREATEST()" or "LEAST()" functions when using an intermediate temporary table can be exploited to cause a crash by passing a mixed list of numeric and "LONGBLOB" arguments to the affected functions. 7) An error in the processing of nested joins in stored procedures and prepared statements can be exploited to cause an infinite loop. Vulnerabilities #2 through #7 are reported in versions prior to 5.1.51. SOLUTION: Update to version 5.1.51. PROVIDED AND/OR DISCOVERED BY: Reported in MySQL bug reports by: 1) Libing Song 2 - 6) Shane Bester 7) John H. Embretsen ORIGINAL ADVISORY: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-50.html http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 15:46:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 00:46:39 +0200 Subject: [SEC] [SA41701] Apache APR-util Multiple Denial of Service Vulnerabilities Message-ID: <201010042246.o94MkciD023057@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Apache APR-util Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41701 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41701/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41701 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41701/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41701/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41701 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in APR-util, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) Two XML parsing vulnerabilities exist in the bundled version of expat. For more information: SA36425 2) An error within the "apr_brigade_split_line()" function in buckets/apr_brigade.c can be exploited to cause high memory consumption. The vulnerabilities are reported in versions prior to 1.3.10. SOLUTION: Update to version 1.3.10. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 16:12:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 01:12:29 +0200 Subject: [SEC] [SA41685] SurgeMail SurgeWeb "username_ex" Cross-Site Scripting Vulnerability Message-ID: <201010042312.o94NCTAU011792@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SurgeMail SurgeWeb "username_ex" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41685 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41685/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41685 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41685/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41685/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41685 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Kerem Kocaer has discovered a vulnerability in SurgeMail, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "username_ex" parameter to the SurgeWeb interface /surgeweb is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 4.3e. Other versions may also be affected. SOLUTION: Update to version 4.3g. PROVIDED AND/OR DISCOVERED BY: Kerem Kocaer ORIGINAL ADVISORY: Kerem Kocaer: http://ictsec.se/?p=108 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 4 16:44:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 01:44:59 +0200 Subject: [SEC] [SA41695] Blue Coat ProxySG Cross-Site Scripting Vulnerability Message-ID: <201010042344.o94Nix1E000760@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Blue Coat ProxySG Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41695 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41695/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41695 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41695/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41695/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41695 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ProxySG, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in an administrative user's browser session in context of an affected site. SOLUTION: Update to a fixed version when available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Blue Coat: https://kb.bluecoat.com/index?page=content&id=SA47 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 5 10:28:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 19:28:06 +0200 Subject: [SEC] [SA41680] Joomla! JomSocial Component Arbitrary File Upload Vulnerability Message-ID: <201010051728.o95HS6oZ004399@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! JomSocial Component Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA41680 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41680/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41680 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41680/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41680/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41680 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the JomSocial component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a PHP file. Successful exploitation of this vulnerability requires that direct video uploads are enabled and may require that directory listings are enabled to access the uploaded file. The vulnerability is reported in version 1.8.8. Prior versions may also be affected. SOLUTION: Reportedly, an update to version 1.8.9 fixes the vulnerability. PROVIDED AND/OR DISCOVERED BY: Jeff Channell ORIGINAL ADVISORY: JomSocial: http://www.jomsocial.com/docs/Change_Log#Version_1.8.9 Jeff Channell: http://jeffchannell.com/Joomla/jomsocial-188-shell-upload-vulnerability.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 5 11:28:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 20:28:04 +0200 Subject: [SEC] [SA41640] Fedora update for mysql Message-ID: <201010051828.o95IS46X027087@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for mysql SECUNIA ADVISORY ID: SA41640 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41640/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41640 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41640/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41640/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41640 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mysql. This fixes some security issues, where one has unknown impacts while others can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA41048 SOLUTION: Apply updated packages via the yum utility ("yum update mysql"). ORIGINAL ADVISORY: FEDORA-2010-15166: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/048788.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 5 12:28:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 21:28:18 +0200 Subject: [SEC] [SA41677] SmarterMail Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201010051928.o95JSIEi017368@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SmarterMail Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA41677 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41677/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41677 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41677/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41677/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41677 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: David Hoyt has discovered some vulnerabilities in SmarterMail, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "path" parameter to Main/frmStoredFiles.aspx and the "edit" parameter to UserControls/Popups/frmAddFileStorageFolder.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "SubjectBox_SettingText" parameter to Main/Calendar/frmEvent.aspx when adding a new calendar entry is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of the vulnerability requires that Calendar Sharing is enabled. The vulnerabilities are confirmed in version 7.2.3925. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: David Hoyt ORIGINAL ADVISORY: David Hoyt: http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x_5930.html http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x_02.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 5 13:28:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 22:28:12 +0200 Subject: [SEC] [SA41562] activeCollab Project Permissions Security Bypass Message-ID: <201010052028.o95KSCdm007613@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: activeCollab Project Permissions Security Bypass SECUNIA ADVISORY ID: SA41562 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41562/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41562 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41562/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41562/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41562 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in activeCollab, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is cause due to the application not properly verifying a user's permissions on a project and can be exploited to e.g. subscribe to the project, view project files, or delete project files via a specially crafted URL. The vulnerability is reported in version 2.3.1. Prior versions may also be affected. SOLUTION: Update to version 2.3.2. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Robin Wood. ORIGINAL ADVISORY: US-CERT VU#236703: http://www.kb.cert.org/vuls/id/236703 activeCollab: http://www.activecollab.com/docs/manuals/admin/release-notes/activecollab-2-3-2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 5 14:22:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 23:22:24 +0200 Subject: [SEC] [SA40905] Debian update for apr-util Message-ID: <201010052122.o95LMOdL030016@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for apr-util SECUNIA ADVISORY ID: SA40905 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40905/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40905 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/40905/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40905/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40905 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issue an update for apr-util. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41701 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2117-1: http://lists.debian.org/debian-security-announce/2010/msg00166.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 5 14:43:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 5 Oct 2010 23:43:13 +0200 Subject: [SEC] [SA41718] AD-EDIT2 "q" Cross-Site Scripting Vulnerabilities Message-ID: <201010052143.o95LhDYl018493@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: AD-EDIT2 "q" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41718 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41718/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41718 RELEASE DATE: 2010-10-05 DISCUSS ADVISORY: http://secunia.com/advisories/41718/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41718/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41718 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in AD-EDIT2, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "q" parameter to commons/search.cgi and admin/search.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.0.8. Prior versions may also be affected. SOLUTION: Update to version 3.0.9. PROVIDED AND/OR DISCOVERED BY: JVN credits Seiei Higa ORIGINAL ADVISORY: AD-EDIT2: http://adedit.norenz.net/download/index.cgi?pg=0681 http://adedit.blogspot.com/2010/10/ad-edit2-xss.html JVN#69191943: http://jvn.jp/en/jp/JVN69191943/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 6 10:28:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Oct 2010 19:28:52 +0200 Subject: [SEC] [SA41691] TYPO3 Multiple Vulnerabilities Message-ID: <201010061728.o96HSq91013080@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: TYPO3 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41691 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41691/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41691 RELEASE DATE: 2010-10-06 DISCUSS ADVISORY: http://secunia.com/advisories/41691/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41691/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41691 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in TYPO3, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and perform certain actions with escalated privileges and by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Certain input passed to the "jumpUrl" mechanism in typo3/sysext/cms/tslib/class.tslib_fe.php is not properly verified before being used to read files and can be exploited to read arbitrary files from local resources. 2) Certain input passed to the backend admin panel is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Certain input is not properly verified in typo3/sysext/em/mod1/class.em_index.php before being used to read files. This can be exploited to read arbitrary files from local resources via directory traversal sequences. Successful exploitation requires admin permissions. 4) The application does not properly verify input passed to the "sys_action" task "be_user_creation" before creating a user. This can be exploited to create users who are members of arbitrary usergroups and gain escalated privileges. Successful exploitation requires requires permissions to create users in the "taskcenter". This vulnerability is reported in versions prior to 4.2.15 and 4.3.7. 5) Certain input is not properly sanitised in typo3/contrib/RemoveXSS/RemoveXSS.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in versions prior to 4.2.15, 4.3.7, and 4.4.4. NOTE: A potential DoS due to a crash related to the "filter_var()" PHP function has also been reported. SOLUTION: Update to version 4.2.15, 4.3.7, or 4.4.4. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Gregor Kopf. 2) The vendor credits Daniel Sloof and Helmut Hummel of the TYPO3 Security Team. 3) The vendor credits Jeremy Lebourdais. 4) The vendor credits Henning Pingel. 5) The vendor credits Franz G. Jahn. ORIGINAL ADVISORY: TYPO3-SA-2010-020: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 6 11:28:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Oct 2010 20:28:32 +0200 Subject: [SEC] [SA41673] Foxit Phantom Title Parsing Buffer Overflow Vulnerability Message-ID: <201010061828.o96ISWLP003318@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Foxit Phantom Title Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41673 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41673/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41673 RELEASE DATE: 2010-10-06 DISCUSS ADVISORY: http://secunia.com/advisories/41673/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41673/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41673 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Foxit Phantom, which can be exploited by malicious people to compromise a user's system. For more information: SA41656 Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 2.1.0.0731. Other versions may also be affected. SOLUTION: Update to version 2.2 or later. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 6 12:28:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Oct 2010 21:28:21 +0200 Subject: [SEC] [SA41679] BrailleNote Apex FTP / Telnet Security Issue Message-ID: <201010061928.o96JSLqK025994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: BrailleNote Apex FTP / Telnet Security Issue SECUNIA ADVISORY ID: SA41679 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41679 RELEASE DATE: 2010-10-06 DISCUSS ADVISORY: http://secunia.com/advisories/41679/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41679/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41679 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in BrailleNote Apex devices, which can be exploited by malicious people to compromise a user's system. The security issue exists due to undocumented FTP and Telnet services allowing unauthenticated access, which can be exploited to read and write arbitrary files on the file system. SOLUTION: Do not connect to untrusted networks. PROVIDED AND/OR DISCOVERED BY: Sabahattin Gucukoglu ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0010.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 6 13:28:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Oct 2010 22:28:13 +0200 Subject: [SEC] [SA41656] Foxit Reader Title Parsing Buffer Overflow Vulnerability Message-ID: <201010062028.o96KSD0t016250@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Foxit Reader Title Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41656 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41656/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41656 RELEASE DATE: 2010-10-06 DISCUSS ADVISORY: http://secunia.com/advisories/41656/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41656/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41656 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when attempting to set the window title text and can be exploited to cause a stack-based buffer overflow via a specially crafted PDF document containing an overly long title. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.3.1.0518 and 4.1.1.805. Other versions may also be affected. SOLUTION: Update to version 4.2.0.0928, which also provides a security enhancement to the handling of PDF signatures. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Additional information provided by Secunia Research. ORIGINAL ADVISORY: Foxit Corporation: http://www.foxitsoftware.com/pdf/reader/security_bulletins.php http://www.foxitsoftware.com/pdf/reader/bugfix.php Florian Zumbiehl: http://pdfsig-collision.florz.de/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 6 14:22:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 6 Oct 2010 23:22:21 +0200 Subject: [SEC] [SA41656] Foxit Reader Title Parsing Buffer Overflow Vulnerability Message-ID: <201010062122.o96LML9t006268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Foxit Reader Title Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41656 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41656/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41656 RELEASE DATE: 2010-10-06 DISCUSS ADVISORY: http://secunia.com/advisories/41656/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41656/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41656 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when attempting to set the window title text and can be exploited to cause a stack-based buffer overflow via a specially crafted PDF document containing an overly long title. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in versions 3.3.1.0518 and 4.1.1.805. Other versions may also be affected. SOLUTION: Update to version 4.2.0.0928, which also provides a security enhancement to the handling of PDF signatures. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Additional information provided by Secunia Research. ORIGINAL ADVISORY: Foxit Corporation: http://www.foxitsoftware.com/pdf/reader/security_bulletins.php http://www.foxitsoftware.com/pdf/reader/bugfix.php Florian Zumbiehl: http://pdfsig-collision.florz.de/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 10:29:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Oct 2010 19:29:40 +0200 Subject: [SEC] [SA41773] SyncBreeze Server Insecure Library Loading Vulnerability Message-ID: <201010111729.o9BHTeFv011614@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SyncBreeze Server Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41773 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41773/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41773 RELEASE DATE: 2010-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/41773/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41773/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41773 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SyncBreeze Server, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application bundling a vulnerable version of the Qt library, which loads libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a FLX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. For more information: SA41537 The vulnerability is confirmed in version 2.2.30. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 11:29:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Oct 2010 20:29:44 +0200 Subject: [SEC] [SA41750] Site2Nite Auto e-Manager "ID" SQL Injection Vulnerability Message-ID: <201010111829.o9BITifh001868@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Site2Nite Auto e-Manager "ID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41750 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41750/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41750 RELEASE DATE: 2010-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/41750/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41750/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41750 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Site2Nite Auto e-Manager, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "ID" parameter to detail.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: KnocKout OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 12:30:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Oct 2010 21:30:02 +0200 Subject: [SEC] [SA41749] BaconMap Multiple Vulnerabilities Message-ID: <201010111930.o9BJU2GW024645@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: BaconMap Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41749 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41749/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41749 RELEASE DATE: 2010-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/41749/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41749/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41749 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in BaconMap, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. 1) Input passed via the "type" parameter to doadd.php (when "name" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "filepath" parameter to updatelist.php is not properly verified before being used to read files. This can be exploited to e.g. read file contents or inject and execute arbitrary PHP code. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: John Leitch Additional information about arbitrary PHP code execution provided by Secunia Research. ORIGINAL ADVISORY: John Leitch: http://www.johnleitch.net/Vulnerabilities/BaconMap.1.0.SQL.Injection/51 http://www.johnleitch.net/Vulnerabilities/BaconMap.1.0.Local.File.Inclusion/50 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 13:29:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Oct 2010 22:29:32 +0200 Subject: [SEC] [SA41766] Joomla! JS Calendar Component Multiple Vulnerabilities Message-ID: <201010112029.o9BKTWe2014951@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! JS Calendar Component Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41766 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41766/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41766 RELEASE DATE: 2010-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/41766/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41766/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41766 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in JS Calender component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "month" and "year" parameters (when "option" is set to "com_jscalendar" and "view" is set to "jscalendar") to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "ev_id" parameter (when "option" is set to "com_jscalendar", "view" is set to "jscalendar", and "task" is set to "details") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.5.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: Salvatore Fresta http://adv.salvatorefresta.net/JS_Calendar_1.5.1_Joomla_Component_Multiple_Remote_Vulnerabilities-09102010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 14:23:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Oct 2010 23:23:33 +0200 Subject: [SEC] [SA41739] Debian update for subversion Message-ID: <201010112123.o9BLNXV9004973@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for subversion SECUNIA ADVISORY ID: SA41739 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41739/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41739 RELEASE DATE: 2010-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/41739/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41739/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41739 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for subversion. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA41652 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2118-1: http://lists.debian.org/debian-security-announce/2010/msg00167.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 14:44:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 11 Oct 2010 23:44:40 +0200 Subject: [SEC] [SA41756] PHPYun Multiple SQL Injection Vulnerabilities Message-ID: <201010112144.o9BLieme025944@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PHPYun Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA41756 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41756/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41756 RELEASE DATE: 2010-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/41756/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41756/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41756 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: l4yn3 has discovered some vulnerabilities in PHPYun, which can be exploited my malicious people to conduct SQL injection attacks. Input passed via the "provinceid" parameter to search.php (when "cityid" is set) and the "e" parameter to resumeview.php (when "uid" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: l4yn3, Wolves Security Team. ORIGINAL ADVISORY: Wolves Security Team: http://bbs.wolvez.org/viewtopic.php?id=172 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 15:13:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 00:13:26 +0200 Subject: [SEC] [SA41763] Truworth Flex Timesheet Two SQL Injection Vulnerabilities Message-ID: <201010112213.o9BMDQbl014975@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Truworth Flex Timesheet Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA41763 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41763/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41763 RELEASE DATE: 2010-10-11 DISCUSS ADVISORY: http://secunia.com/advisories/41763/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41763/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41763 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Truworth Flex Timesheet, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "Username" and "Password" fields in the log-in form is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This can further be exploited to bypass the authentication mechanism. SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: KnocKout OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 15:46:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 00:46:48 +0200 Subject: [SEC] [SA41719] FTP Voyager Directory Traversal Vulnerability Message-ID: <201010112246.o9BMkmhF004060@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FTP Voyager Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41719 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41719/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41719 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41719/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41719/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41719 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in FTP Voyager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 15.2.0.11. Other versions may also be affected. SOLUTION: Do not download files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22625: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_ftp_voyager.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 16:12:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 01:12:37 +0200 Subject: [SEC] [SA41748] SyncBreeze Server Buffer Overflow Vulnerability Message-ID: <201010112312.o9BNCbiw025251@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SyncBreeze Server Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41748 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41748/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41748 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41748/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41748/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41748 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Xsploited Security has discovered a vulnerability in SyncBreeze Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in libpal.dll when handling network messages and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 9121. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.2.30. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Xsploited Security ORIGINAL ADVISORY: http://x-sploited.com/2010/10/10/poc-sync-breeze-server-v2-2-30-remote-bof-exploit/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 16:45:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 01:45:21 +0200 Subject: [SEC] [SA41768] Fedora update for cgit Message-ID: <201010112345.o9BNjLgq014348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for cgit SECUNIA ADVISORY ID: SA41768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41768 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for cgit. This fixes a vulnerability, which can be exploited by malicious, local users to potentially gain escalated privileges. For more information: SA41569 SOLUTION: Apply updated packages via the yum utility ("yum update cgit"). ORIGINAL ADVISORY: FEDORA-2010-15501: https://admin.fedoraproject.org/updates/cgit-0.8.2.1-4.fc12 FEDORA-2010-15534: https://admin.fedoraproject.org/updates/cgit-0.8.2.1-4.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 17:12:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 02:12:25 +0200 Subject: [SEC] [SA41769] Fedora update for openswan Message-ID: <201010120012.o9C0CP8A003156@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for openswan SECUNIA ADVISORY ID: SA41769 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41769/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41769 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41769/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41769/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41769 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openswan. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA41689 SOLUTION: Apply updated packages using the yum utility ("yum update openswan"). ORIGINAL ADVISORY: FEDORA-2010-15508: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049053.html FEDORA-2010-15516: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049073.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 17:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 02:44:50 +0200 Subject: [SEC] [SA41755] Zope Object Database ZEO Server Denial of Service Message-ID: <201010120044.o9C0ioeU024645@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Zope Object Database ZEO Server Denial of Service SECUNIA ADVISORY ID: SA41755 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41755/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41755 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41755/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41755/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41755 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Zope Object Database, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the ZEO/StorageServer.py script not handling certain error conditions when processing connections from multiple clients. This can be exploited to cause the Zope Enterprise Objects (ZEO) server to stop accepting connections. The vulnerability is reported in versions prior to 3.10.0. SOLUTION: Update to version 3.10.0. PROVIDED AND/OR DISCOVERED BY: Reported by Paolo Losi in a bug report. ORIGINAL ADVISORY: https://bugs.launchpad.net/zodb/+bug/135108 http://pypi.python.org/pypi/ZODB3/3.10.0#id1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 18:10:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 03:10:13 +0200 Subject: [SEC] [SA41767] Fedora update for seamonkey Message-ID: <201010120110.o9C1ADe8013390@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for seamonkey SECUNIA ADVISORY ID: SA41767 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41767/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41767 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41767/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41767/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41767 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, or to compromise a user's system. For more information: SA41299 SOLUTION: Apply updated packages using the yum utility ("yum update seamonkey"). ORIGINAL ADVISORY: FEDORA-2010-15184: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049116.html FEDORA-2010-15115: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049051.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 18:25:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 03:25:16 +0200 Subject: [SEC] [SA41722] IBM WebSphere Application Server for z/OS Multiple Vulnerabilities Message-ID: <201010120125.o9C1PGku001619@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server for z/OS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41722 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41722/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41722 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41722/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41722/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41722 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some vulnerabilities in IBM WebSphere Application Server for z/OS, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) An unspecified error exists related to Java API for XML Web Services (JAX-WS). For more information see vulnerability #1 in: SA41173 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a logged in administrative user into visiting a malicious web site. SOLUTION: Apply Fix Pack 13 (7.0.0.13). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM16014, PM17046, PM18909) http://www-01.ibm.com/support/docview.wss?uid=swg1PM23872 http://www-01.ibm.com/support/docview.wss?uid=swg1PM23874 http://www-01.ibm.com/support/docview.wss?uid=swg21443736 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 18:44:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 03:44:53 +0200 Subject: [SEC] [SA41706] CUPS "pdftops" Uninitialised Pointer Vulnerability Message-ID: <201010120144.o9C1ir83022568@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: CUPS "pdftops" Uninitialised Pointer Vulnerability SECUNIA ADVISORY ID: SA41706 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41706/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41706 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41706/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41706/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41706 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CUPS, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information see vulnerability #1 in: SA41596 SOLUTION: Do not process PDF documents from untrusted sources. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0754.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 19:12:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 04:12:09 +0200 Subject: [SEC] [SA41725] Red Hat update for cups Message-ID: <201010120212.o9C2C91P011896@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for cups SECUNIA ADVISORY ID: SA41725 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41725/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41725 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41725/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41725/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41725 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cups. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA41706 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0754.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 19:44:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 04:44:50 +0200 Subject: [SEC] [SA41730] Red Hat update for poppler Message-ID: <201010120244.o9C2ioZl000919@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for poppler SECUNIA ADVISORY ID: SA41730 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41730 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41730/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41730/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41730 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for poppler. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA41596 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0749-1: https://rhn.redhat.com/errata/RHSA-2010-0749.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 20:10:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 05:10:11 +0200 Subject: [SEC] [SA41726] Red Hat update for cups Message-ID: <201010120310.o9C3ABRc022130@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for cups SECUNIA ADVISORY ID: SA41726 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41726/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41726 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41726/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41726/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41726 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cups. This fixes two vulnerabilities, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA37051 SA41706 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0755.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 20:23:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 05:23:46 +0200 Subject: [SEC] [SA41727] Red Hat update for kdegraphics Message-ID: <201010120323.o9C3Nkv3010353@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for kdegraphics SECUNIA ADVISORY ID: SA41727 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41727/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41727 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41727/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41727/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41727 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kdegraphics. This fixes two vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system. For more information: SA41709 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0753.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 20:45:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 05:45:07 +0200 Subject: [SEC] [SA41728] Red Hat update for gpdf Message-ID: <201010120345.o9C3j7mK031308@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for gpdf SECUNIA ADVISORY ID: SA41728 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41728/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41728 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41728/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41728/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41728 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for gpdf. This fixes two vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system. For more information: SA41709 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0752.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 21:09:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 06:09:59 +0200 Subject: [SEC] [SA41700] Microsoft Windows LPC Message Handling Buffer Overflow Vulnerability Message-ID: <201010120409.o9C49xFk020046@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows LPC Message Handling Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41700 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41700 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41700/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41700/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41700 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: yuange has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error in rpcrt4.dll within the "LRPC_SCALL::SendRequest()" function when reading an LPC message into an insufficiently sized stack buffer and can be exploited to cause a stack-based buffer overflow. The vulnerability is confirmed in fully patched versions of Windows XP SP3 and Windows Server 2003 R2 Enterprise SP2. Other versions may also be affected. SOLUTION: Grant access to trusted users only. PROVIDED AND/OR DISCOVERED BY: yuange ORIGINAL ADVISORY: yuange: http://hi.baidu.com/yuange1975/blog/item/022dec5901af02272834f0fc.html http://archives.neohapsis.com/archives/fulldisclosure/current/0085.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 21:22:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 06:22:47 +0200 Subject: [SEC] [SA41714] Ubuntu update for openssl Message-ID: <201010120422.o9C4MluA008226@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for openssl SECUNIA ADVISORY ID: SA41714 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41714/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41714 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41714/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41714/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41714 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openssl. This fixes multiple vulnerabilities, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library. For more information: SA37291 SA40906 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1003-1: http://www.ubuntu.com/usn/usn-1003-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 21:43:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 06:43:28 +0200 Subject: [SEC] [SA41708] Xweblog Multiple SQL Injection Vulnerabilities Message-ID: <201010120443.o9C4hSi4029156@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Xweblog Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA41708 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41708/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41708 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41708/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41708/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41708 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Xweblog, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "makale_id" parameter to oku.asp and via the "tarih" parameter to arsiv.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 2.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: KnocKout and ZoRLu OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 21:56:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 06:56:00 +0200 Subject: [SEC] [SA41729] Red Hat update for xpdf Message-ID: <201010120456.o9C4u09a017320@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for xpdf SECUNIA ADVISORY ID: SA41729 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41729/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41729 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41729/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41729/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41729 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for xpdf. This fixes two vulnerabilities, which can potentially be exploited by malicious people to compromise a user's system. For more information: SA41709 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0751-1: http://rhn.redhat.com/errata/RHSA-2010-0751.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 11 22:08:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 07:08:57 +0200 Subject: [SEC] [SA41709] Xpdf Two Vulnerabilities Message-ID: <201010120508.o9C58voR005509@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Xpdf Two Vulnerabilities SECUNIA ADVISORY ID: SA41709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Xpdf, which can potentially be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #1 and #2 in: SA41596 SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported in Poppler by Joel Voss, Leviathan Security Group. Red Hat credits Sauli Pahlman of CERT-FI. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0751.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 10:30:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 19:30:53 +0200 Subject: [SEC] [SA41774] Disk Pulse Server Insecure Library Loading Vulnerability Message-ID: <201010121730.o9CHUrr9011752@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Disk Pulse Server Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41774 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41774/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41774 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41774/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41774/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41774 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Disk Pulse Server, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application bundling a vulnerable version of the Qt library, which loads libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a FLR or FLX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. For more information: SA41537 The vulnerability is confirmed in version 2.2.34. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 11:30:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 20:30:03 +0200 Subject: [SEC] [SA40217] Microsoft Windows Common Control Library Integer Truncation Vulnerability Message-ID: <201010121830.o9CIU3cx001953@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Common Control Library Integer Truncation Vulnerability SECUNIA ADVISORY ID: SA40217 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40217/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40217 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/40217/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40217/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40217 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer truncation error in the common control library (comctl32.dll) when processing certain messages and can be exploited to e.g. cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code. The following products are currently known to present valid attack vectors: * Adobe SVG Viewer 3.03 Other versions and applications using the vulnerable library may also be affected. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Originally reported in Adobe SVG Viewer to Secunia by Krystian Kloskowski (h07). Additional details provided by Secunia Research. ORIGINAL ADVISORY: MS10-081 (KB2296011): http://www.microsoft.com/technet/security/bulletin/ms10-081.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 12:30:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 21:30:11 +0200 Subject: [SEC] [SA41746] Microsoft SharePoint Two Script Insertion Vulnerabilities Message-ID: <201010121930.o9CJUBLO024718@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft SharePoint Two Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA41746 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41746/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41746 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41746/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41746/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41746 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft SharePoint, which can be exploited by malicious users or malicious people to conduct script insertion attacks. 1) The application does not properly sanitise HTML code using SafeHTML. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) The application does not properly sanitise HTML code using SafeHTML. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. NOTE: This affects only sites that use SafeHTML to sanitise HTML code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Sirdarckcat, Google Inc. 2) The vendor credits Mario Heiderich. ORIGINAL ADVISORY: MS10-072 (KB2412048, KB2345304, KB2345322, KB2345212, KB2346298, KB2346411): http://www.microsoft.com/technet/security/bulletin/MS10-072.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 13:29:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 22:29:56 +0200 Subject: [SEC] [SA41776] Windows Media Player Network Sharing Service RTSP Use-After-Free Vulnerability Message-ID: <201010122029.o9CKTufe015015@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Windows Media Player Network Sharing Service RTSP Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA41776 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41776/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41776 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41776/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41776/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41776 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a user-after-free error in the Network Sharing Service (wmpnetwk.exe) and can be exploited via a specially crafted Real Time Streaming Protocol (RTSP) packet. Successful exploitation allows execution of arbitrary code, but requires the Network Sharing Service is enabled (disabled by default). SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Oleksandr Mirosh via ZDI. ORIGINAL ADVISORY: MS10-075 (KB2281679): http://www.microsoft.com/technet/security/bulletin/MS10-075.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 14:23:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 23:23:26 +0200 Subject: [SEC] [SA41775] Microsoft Windows win32k.sys Driver Window Class Privilege Escalation Message-ID: <201010122123.o9CLNQ5A005002@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver Window Class Privilege Escalation SECUNIA ADVISORY ID: SA41775 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41775 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41775/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41775/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41775 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a validation error in win32k.sys when handling window class data and can be exploited to execute arbitrary code in kernel-mode. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-073 (KB981957): http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 14:45:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 12 Oct 2010 23:45:01 +0200 Subject: [SEC] [SA39303] Microsoft Office Excel Multiple Vulnerabilities Message-ID: <201010122145.o9CLj1d8025993@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA39303 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39303/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39303 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/39303/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39303/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39303 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. 1) A sign-extension error and integer overflow when parsing a certain record type can be exploited to cause a heap-based buffer overflow. 2) An unspecified error when parsing certain records can be exploited to corrupt memory. 3) An unspecified error in the format parsing can be exploited to corrupt memory. 4) A boundary error in the parsing of certain records in Lotus 1-2-3 workbooks can be exploited to cause a heap-based buffer overflow via a Lotus 1-2-3 file containing a specially crafted, overly long record. 5) An unspecified error in the formula substream parsing can be exploited to corrupt memory. 6) An unspecified error in the parsing of formula information can be exploited to corrupt memory. 7) An error when parsing certain records can be exploited to corrupt memory. 8) An error in the parsing of the Merge Cell record can be exploited to corrupt memory. 9) An error in the handling of the "negative future function" can be exploited to corrupt memory. 10) An error when processing Extra Out of Boundary records having an insufficient size can be exploited to corrupt memory placed at an arbitrary address via a specially crafted Excel document. 11) An error in the parsing of Real Time Data Array records can be exploited to corrupt memory. 12) An unspecified error can be exploited to cause an "out-of-bounds memory write" and corrupt memory. 13) Missing input validation in a conversion routine when parsing a certain record type can be exploited to corrupt memory outside the bounds of an allocated heap buffer via an overly large range specified by two record fields. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Alin Rad Pop, Secunia Research. 2, 5-10, 11-13) The vendor credits Chaouki Bekrar, Vupen. 3) The vendor credits Omair. 4) Carsten Eiram, Secunia Research. 10) Alin Rad Pop, Secunia Research. 13) Carsten Eiram, Secunia Research. ORIGINAL ADVISORY: MS10-080 (KB2293211, KB2345017, KB2344893, KB2345035, KB2422343, KB2422352, KB2422398, KB2345088, KB2344875): http://www.microsoft.com/technet/security/bulletin/ms10-080.mspx Secunia Research: http://secunia.com/secunia_research/2010-55/ http://secunia.com/secunia_research/2010-63/ http://secunia.com/secunia_research/2010-64/ http://secunia.com/secunia_research/2010-65/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 15:15:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 00:15:10 +0200 Subject: [SEC] [SA41777] Microsoft Windows Embedded OpenType Font Parsing Integer Overflow Message-ID: <201010122215.o9CMFAaL015053@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Embedded OpenType Font Parsing Integer Overflow SECUNIA ADVISORY ID: SA41777 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41777/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41777 RELEASE DATE: 2010-10-12 DISCUSS ADVISORY: http://secunia.com/advisories/41777/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41777/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41777 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow error when parsing certain tables in an Embedded OpenType (EOT) font file and can be exploited by e.g. tricking a user into visiting a web site containing a specially crafted file. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Sebastian Apelt via ZDI * Ivan Fratric via iSIGHT Partners Global Vulnerability Partnership ORIGINAL ADVISORY: MS10-076 (KB982132): http://www.microsoft.com/technet/security/bulletin/MS10-076.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 15:46:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 00:46:34 +0200 Subject: [SEC] [SA41781] Microsoft Windows Server 2008 Shared Cluster Disks Insecure Permissions Message-ID: <201010122246.o9CMkYIJ004056@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Server 2008 Shared Cluster Disks Insecure Permissions SECUNIA ADVISORY ID: SA41781 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41781/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41781 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41781/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41781/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41781 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Microsoft Windows Server 2008, which can be exploited by malicious, local users to disclose or manipulate certain data. The security issue is caused due to the Failover Cluster Manager using insecure default permissions when adding disks to a shared cluster, which can be exploited by unauthorised users to access the administrative shares on the failover cluster disk. The security issue is reported in Windows Server 2008 R2 for Itanium- and x64-based systems. SOLUTION: Apply the patches and check the permissions on existing cluster disk administrative shares. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS10-086 (KB2294255): http://www.microsoft.com/technet/security/bulletin/MS10-086.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 16:12:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 01:12:48 +0200 Subject: [SEC] [SA41786] Microsoft Windows Shell/WordPad COM Validation Vulnerability Message-ID: <201010122312.o9CNCmJ9025265@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Shell/WordPad COM Validation Vulnerability SECUNIA ADVISORY ID: SA41786 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41786/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41786 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41786/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41786/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41786 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in Windows Shell and WordPad when validating COM object instantiation and can be exploited via a specially crafted WordPad file or a shortcut file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits HD Moore, Rapid7. ORIGINAL ADVISORY: MS10-083 (KB2405882, KB979687, KB979688): http://www.microsoft.com/technet/security/bulletin/ms10-083.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 16:44:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 01:44:54 +0200 Subject: [SEC] [SA41751] Microsoft .NET Framework JIT Compiler Vulnerability Message-ID: <201010122344.o9CNisDB014317@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft .NET Framework JIT Compiler Vulnerability SECUNIA ADVISORY ID: SA41751 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41751/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41751 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41751/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41751/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41751 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft .NET Framework, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error in the JIT compiler while optimising code, which can be exploited to corrupt memory when a user visits a web page hosting a specially crafted XBAP (XAML browser application). Successful exploitation allows execution of arbitrary code. NOTE: This can also be exploited to break out of the ASP.NET sandbox with a specially crafted ASP.NET application. The vulnerability only affects Microsoft .NET Framework 4.0 on the x64 and Itanium architectures. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Jeroen Frijters, Sumatra. ORIGINAL ADVISORY: MS10-077 (KB2160841): http://www.microsoft.com/technet/security/bulletin/MS10-077.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 17:12:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 02:12:19 +0200 Subject: [SEC] [SA41790] Microsoft Office Word Buffer Overflow Vulnerability Message-ID: <201010130012.o9D0CJgo003130@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Office Word Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41790 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41790/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41790 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41790/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41790/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41790 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office Word, which can be exploited by malicious people to compromise a user's system. For more information see vulnerability #11: SA41785 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: MS10-079 (KB2293194, KB2344993, KB2345000, KB2345015, KB2345043, KB2346411, KB2422352, KB2422398): http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 17:44:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 02:44:38 +0200 Subject: [SEC] [SA41785] Microsoft Office XP Word Multiple Vulnerabilities Message-ID: <201010130044.o9D0ic2H024603@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Office XP Word Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41785 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41785/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41785 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41785/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41785/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41785 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Word 2002, which can be exploited by malicious people to compromise a user's system. 1) An error when parsing a specially crafted Word file may result in an uninitialised pointer being used. 2) An improper boundary check when parsing a specially crafted Word file can be exploited to corrupt memory. 3) An error in the handling of certain index values in a specially crafted Word file can be exploited to corrupt memory. 4) An error in the handling of certain return values when parsing a specially crafted Word file can be exploited to corrupt memory. 5) An error in the handling of bookmarks when parsing a specially crafted Word file can be exploited to corrupt memory. 6) An error in the handling of certain pointers when parsing a specially crafted Word file can be exploited to corrupt memory. 7) An error in the handling of certain records when parsing a specially crafted Word file can be exploited to cause a heap-based buffer overflow. 8) An error in the handling of certain indexes when parsing a specially crafted Word file can be exploited to corrupt memory. 9) An error in the parsing of a specially crafted Word file can be exploited to corrupt memory. 10) An error in the handling of certain malformed records when parsing a specially crafted Word file can be exploited to corrupt memory. 11) A boundary error when parsing a specially crafted Word file can be exploited to cause a stack-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1-10) The vendor credits Chaouki Bekrar, Vupen. 11) The vendor credits Nicolas Joly, Vupen. ORIGINAL ADVISORY: MS10-079 (KB2293194, KB2328360): http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 18:09:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 03:09:31 +0200 Subject: [SEC] [SA41779] Microsoft Windows Media Player Memory Corruption Vulnerability Message-ID: <201010130109.o9D19Vkr013323@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows Media Player Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA41779 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41779/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41779 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41779/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41779/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41779 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows Media Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in wmp.dll when deallocating objects during a reload operation and can be exploited to corrupt memory by tricking a user into visiting a specially crafted web page. Successful exploitation allows execution of arbitrary code, but requires that a user clicks through one or more pop-up dialog boxes. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits SkyLined, Google Inc. ORIGINAL ADVISORY: MS10-082 (KB2378111): http://www.microsoft.com/technet/security/bulletin/MS10-082.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 18:23:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 03:23:21 +0200 Subject: [SEC] [SA41789] Microsoft Office Word 2003 / Word Viewer Two Vulnerabilities Message-ID: <201010130123.o9D1NL0q001489@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Office Word 2003 / Word Viewer Two Vulnerabilities SECUNIA ADVISORY ID: SA41789 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41789/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41789 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41789/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41789/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41789 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Word 2003 and Word Viewer, which can be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #10 and #11: SA41785 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: MS10-079 (KB2293194, KB2344911, KB2345009): http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 18:44:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 03:44:37 +0200 Subject: [SEC] [SA41788] Microsoft Office 2004 for Mac Multiple Vulnerabilities Message-ID: <201010130144.o9D1ibTu022495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Office 2004 for Mac Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41788 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41788/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41788 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41788/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41788/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41788 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Office 2004 for Mac, which can be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #1, #2, #3, #4, #5, #9, #10, #11: SA41785 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: MS10-079 (KB2293194, KB2422343): http://www.microsoft.com/technet/security/bulletin/ms10-079.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 19:16:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 04:16:27 +0200 Subject: [SEC] [SA41724] PHP "php_filter_validate_email()" Denial of Service Vulnerability Message-ID: <201010130216.o9D2GR75013163@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PHP "php_filter_validate_email()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41724 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41724/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41724 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41724/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41724/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41724 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "php_filter_validate_email()" function in the ext/filter/logical_filters.c, when validating email addresses. This can be exploited to cause a stack overflow and cause a crash via an overly long string. The vulnerability is confirmed in version 5.3.3. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://bugs.php.net/bug.php?id=52929 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 19:45:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 04:45:25 +0200 Subject: [SEC] [SA41778] Microsoft Windows OpenType Font Parsing Two Vulnerabilities Message-ID: <201010130245.o9D2jP7P002021@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows OpenType Font Parsing Two Vulnerabilities SECUNIA ADVISORY ID: SA41778 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41778/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41778 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41778/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41778/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41778 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges and potentially by malicious people to compromise a user's system. 1) An error in the parsing of OTF (OpenType Font) files can be exploited by loading a properly formatted font and then reload it with specially crafted offset and length fields for the head table of the font. 2) An error when allocating memory during parsing of OTF files can be exploited to corrupt memory. Successful exploitation of the vulnerabilities may allow execution of arbitrary code with kernel privileges. For third-party web browsers natively rendering OpenType Fonts (OTF), this may be exploited remotely when a user visits a web page embedding a specially crafted font. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Diego Juarez, Core Security Technologies. 2) The vendor credits Sebastian Apelt, siberas. ORIGINAL ADVISORY: MS10-078 (KB2279986): http://www.microsoft.com/technet/security/bulletin/ms10-078.mspx Core Security Technologies: http://www.coresecurity.com/content/ms-opentype-cff-parsing-vulnerability OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 20:09:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 05:09:30 +0200 Subject: [SEC] [SA41732] Zuitu "id" SQL Injection Vulnerability Message-ID: <201010130309.o9D39UWZ023159@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Zuitu "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41732 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41732/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41732 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41732/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41732/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41732 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: l4yn3 has reported a vulnerability in Zuitu, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to ajax/coupon.php (when "action" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is reported in version 1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: l4yn3, Wolves Security Team. ORIGINAL ADVISORY: http://bbs.wolvez.org/viewtopic.php?id=170 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 20:23:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 05:23:34 +0200 Subject: [SEC] [SA41757] Qt Creator Insecure LD_LIBRARY_PATH Security Issue Message-ID: <201010130323.o9D3NYUl011393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Qt Creator Insecure LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA41757 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41757/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41757 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41757/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41757/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41757 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Qt Creator, which can be exploited by malicious people to compromise a user's system. The security issue is caused due to the qtcreator script insecurely setting the environment variable LD_LIBRARY_PATH. This can be exploited to execute arbitrary code e.g. by tricking a user into running the script in a directory containing a malicious library. The security issue affects version 2.0.0 for the Linux/Unix platform. SOLUTION: Update to version 2.0.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://qt.nokia.com/about/news/security-announcement-qt-creator-2.0.0-for-desktop-platforms OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 20:44:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 05:44:32 +0200 Subject: [SEC] [SA41787] Microsoft Windows SChannel Client Certificate Request Denial of Service Message-ID: <201010130344.o9D3iWSX032320@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Microsoft Windows SChannel Client Certificate Request Denial of Service SECUNIA ADVISORY ID: SA41787 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41787/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41787 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41787/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41787/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41787 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the Secure Channel (SChannel) security package failing to check a logical condition when parsing client certificates. This can be exploited to cause the LSASS service to stop responding and restart the system via a specially crafted client certificate request to an affected IIS server hosting a SSL-enabled web site. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Mu Test Suite Team, Mu Dynamics. ORIGINAL ADVISORY: MS10-085 (KB2207566): http://www.microsoft.com/technet/security/bulletin/ms10-085.mspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 21:10:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 06:10:06 +0200 Subject: [SEC] [SA41771] OverLook "frame" Cross-Site Scripting Vulnerability Message-ID: <201010130410.o9D4A67S021080@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: OverLook "frame" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41771 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41771/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41771 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41771/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41771/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41771 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in OverLook, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "frame" parameter to title.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 5.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Anatolia Security ORIGINAL ADVISORY: Anatolia Security 2010-002: http://anatoliasecurity.com/adv/as-adv-2010-002.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 21:23:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 06:23:54 +0200 Subject: [SEC] [SA41744] Lhasa Insecure Executable Loading Vulnerability Message-ID: <201010130423.o9D4NsZH009306@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Lhasa Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41744 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41744/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41744 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41744/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41744/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41744 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Lhasa, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading "explorer.exe" in an insecure manner using WinExec() and can be exploited by tricking a user into e.g. opening a LZH or ZIP file located on a remote SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 0.19. Other versions may also be affected. SOLUTION: Update to version 0.20. PROVIDED AND/OR DISCOVERED BY: Mr. Makoto ORIGINAL ADVISORY: http://www.digitalpad.co.jp/~takechin/download.html#lhasa OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 21:44:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 06:44:27 +0200 Subject: [SEC] [SA41742] Lhaplus Insecure Library Loading Vulnerability Message-ID: <201010130444.o9D4iRtN030221@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Lhaplus Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41742 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Lhaplus, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. 7-ZIP32.DLL) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a LZH or ZIP file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.57. Prior versions may also be affected. SOLUTION: Update to version 1.58. PROVIDED AND/OR DISCOVERED BY: Mr. Makoto, Hitachi Incident Response Team. ORIGINAL ADVISORY: Lhaplus: http://www7a.biglobe.ne.jp/~schezo/dll_vul.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 12 22:10:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 07:10:06 +0200 Subject: [SEC] [SA41740] Opera Multiple Vulnerabilities Message-ID: <201010130510.o9D5A6xk018983@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Opera Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41740 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41740/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41740 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41740/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41740/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41740 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Opera, which can be exploited by malicious people to bypass certain security restrictions or conduct spoofing and cross-site scripting attacks. 1) A combination of cross-domain content inclusion being allowed and the manner in which the CSS parser is fault-tolerant when processing content can be exploited to bypass cross-domain checks and obtain sensitive information from a web page in another domain. 2) An error when altering the size of the browser window may cause the wrong part of the URL of a web page to be displayed. 3) An error in the handling of reloads and redirects combined with caching may result in scripts executing in the wrong security context. This can be exploited to spoof the address bar or conduct cross-site scripting attacks. Successful exploitation of this vulnerability allows manipulating Opera's configuration with minimal user interaction to execute arbitrary code. 4) In certain cases the origin of video content may not be checked, which may result in videos from unrelated sites being used as HTML5 canvas content without protecting it from scripts. This can be exploited to intercept private video streams. Successful exploitation of this vulnerability requires that the address is known and that a user is tricked into opening a specially crafted web page. 5) An error when handling invalid URLs may in certain cases be exploited to execute arbitrary script code in the context of another domain if a linked, invalid URL displayed in an error page runs script code. Successful exploitation of this vulnerability requires that a user interacts with a specially crafted error page. The vulnerabilities are reported in versions prior to 10.63. SOLUTION: Update to version 10.63. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Isaac Dawson. 2) Reported by the vendor. 3) Reported by the vendor. 4) The vendor credits Nirankush Panchbhai, Microsoft Vulnerability Research (MSVR). 5) Reported by the vendor. ORIGINAL ADVISORY: Opera: http://www.opera.com/docs/changelogs/windows/1063/ http://www.opera.com/support/kb/view/971/ http://www.opera.com/support/kb/view/972/ http://www.opera.com/support/kb/view/973/ http://www.opera.com/support/kb/view/974/ http://www.opera.com/support/kb/view/976/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 10:30:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 19:30:55 +0200 Subject: [SEC] [SA41803] Nuance PDF Reader Buffer Overflow Vulnerability Message-ID: <201010131730.o9DHUtTF032248@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Nuance PDF Reader Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41803 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41803/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41803 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41803/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41803/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41803 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Nuance PDF Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing certain objects and can be exploited to cause a stack-based buffer overflow via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 6 (PD-1031-001-1109.1). Other versions may also be affected. SOLUTION: Update to version 6 (PD-1031-001-10472.1). PROVIDED AND/OR DISCOVERED BY: p4r4noid ORIGINAL ADVISORY: CORELAN 10-062: http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-062-stack-buffer-overflow-in-nuance-pdf-reader-v6-0/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 11:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 20:30:05 +0200 Subject: [SEC] [SA41818] Oracle Open Office Multiple Vulnerabilities Message-ID: <201010131830.o9DIU5TH022515@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Open Office Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41818 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41818/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41818 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41818/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41818/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41818 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Oracle Open Office, which can by exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, manipulate certain data, and compromise a user's system. For more information: SA21709 SA34461 SA35967 SA37291 SA38568 SA40070 Please see the vendor's advisory for details on affected versions. SOLUTION: Apply patches (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html http://blogs.sun.com/security/entry/cve_2009_3555_vulnerability_in http://blogs.sun.com/security/entry/cve_2009_2493_staroffice_starsuite http://blogs.sun.com/security/entry/cve_2009_0217_vulnerability_in http://blogs.sun.com/security/entry/cve_2006_4339_vulnerability_in OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 12:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 21:30:05 +0200 Subject: [SEC] [SA41834] Oracle iPlanet Web Server "Web Container" Unspecified Vulnerability Message-ID: <201010131930.o9DJU53Z012796@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle iPlanet Web Server "Web Container" Unspecified Vulnerability SECUNIA ADVISORY ID: SA41834 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41834/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41834 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41834/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41834/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41834 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle iPlanet Web Server, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to an unspecified error in the "Web Container" component and can be exploited to manipulate certain data. The vulnerability is reported in Oracle iPlanet Web Server versions 6.1 and 7.0. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 13:31:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 22:31:01 +0200 Subject: [SEC] [SA41833] Oracle iPlanet Web Server Multiple Vulnerabilities Message-ID: <201010132031.o9DKV1GQ003117@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle iPlanet Web Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41833 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41833/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41833 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41833/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41833/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41833 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Oracle iPlanet Web Server, which can be exploited by malicious users to disclose sensitive information and by malicious people to disclose certain data, manipulate certain data, or cause a DoS (Denial of Service). 1) An unspecified error within the "Administration" component can be exploited to manipulate certain data or cause a DoS (Denial of Service). 2) Another unspecified error within the "Administration" component can be exploited to disclose and manipulate certain data. The vulnerabilities are reported in Oracle iPlanet Web Server version 7.0. 3) An unspecified error in the "WebDAV" component can be exploited by authenticated users to disclose certain information. This vulnerability is reported in Oracle iPlanet Web Server version 7.0u8. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 14:24:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 23:24:02 +0200 Subject: [SEC] [SA41783] Oracle PeopleSoft Enterprise Products Multiple Vulnerabilities Message-ID: <201010132124.o9DLO2TE025501@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle PeopleSoft Enterprise Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41783 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41783/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41783 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41783/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41783/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41783 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle PeopleSoft Enterprise products , which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to manipulate certain data. 1) An unspecified error in the "CRM - Order Capture" component can be exploited by authenticated users to disclose and manipulate certain data. 2) An unspecified error in the "FMS - AM" component can be exploited by authenticated users to manipulate certain data and cause a DoS. 3) An unspecified error in the "FMS - AM" component can be exploited by authenticated users to disclose and manipulate certain data. 4) An unspecified error in the "FMS - Cach Management" component can be exploited by authenticated users to disclose and manipulate certain data. 5) An unspecified error in the "FMS - GL" component can be exploited by authenticated users to disclose and manipulate certain data. 6) A second unspecified error in the "FMS - GL" component can be exploited by authenticated users to disclose and manipulate certain data. 7) An unspecified error in the "FMS ESA - RM" component can be exploited by authenticated users to disclose and manipulate certain data. 8) An unspecified error in the "FMS, SCM, EPM, CRM and Campus Solutions" components can be exploited by authenticated users to disclose and manipulate certain data. 9) An unspecified error in the "HCM - GP France" component can be exploited by authenticated users to disclose and manipulate certain data. 10) An unspecified error in the "HCM - HR" component can be exploited by authenticated users to disclose and manipulate certain data. 11) An unspecified error in the "HCM GP - Japan" component can be exploited by authenticated users to disclose and manipulate certain data. 12) An unspecified error in the "HCM ePay" component can be exploited by authenticated users to disclose and manipulate certain data. 13) An unspecified error in the "SCM" component can be exploited by authenticated users to disclose and manipulate certain data. 14) An unspecified error in the "SCM - PO" component can be exploited by authenticated users to disclose and manipulate certain data. 15) An unspecified error in the "SCM - Strategic Sourcing" component can be exploited by authenticated users to disclose and manipulate certain data. 16) An unspecified error in the "SCM OM and CRM Order Capture" components can be exploited by authenticated users to disclose and manipulate certain data. 17) An unspecified error in the "FMS ESA - EX" component can be exploited by authenticated users to disclose and manipulate certain data. 18) An unspecified error in the "PeopleTools" component can be exploited to manipulate certain data. 19) An unspecified error in the "CRM - Commom Components" component can be exploited by authenticated users to disclose certain data. 20) A second unspecified error in the "PeopleTools" component can be exploited by authenticated users to manipulate certain data. 21) A third unspecified error in the "PeopleTools" component can be exploited by authenticated users to disclose certain data. The vulnerabilities are reported in the following products: * PeopleSoft Enterprise CRM, FMS, HCM, and SCM versions 8.9, 9.0, and 9.1. * PeopleSoft Enterprise EPM and Campus Solutions versions 8.9, 9.0, and 9.1. * PeopleSoft Enterprise PeopleTools version 8.49 and 8.50. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 14:45:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 13 Oct 2010 23:45:25 +0200 Subject: [SEC] [SA41805] Collabtive Multiple Vulnerabilities Message-ID: <201010132145.o9DLjP5x014065@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Collabtive Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41805 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41805/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41805 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41805/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41805/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41805 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Collabtive, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "User" field when editing a user profile to manageuser.php is not properly sanitised before being used and returned to the user. This can be exploited to insert arbitrary HTML and script code, which will get executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "y" parameter to manageajax.php (when "action" is set to "newcal") and via the "pic" parameter to thumb.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) The application allows users to perform certain actions via HTTP requests without making validity checks to verify the requests. This can be exploited to e.g. add an administrative user by tricking an administrator into visiting a malicious web site while being logged-in to the application. The vulnerabilities are confirmed in version 0.65. Other versions may also be affected. SOLUTION: Edit the source code to ensure that the input is properly sanitised. Do not browse untrusted web sites or follow untrusted links while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: Anatolia Security ORIGINAL ADVISORY: Anatolia Security 2010-003: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 15:15:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 00:15:24 +0200 Subject: [SEC] [SA41758] Oracle Siebel Products Multiple Vulnerabilities Message-ID: <201010132215.o9DMFOev003078@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Siebel Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41758 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41758/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41758 RELEASE DATE: 2010-10-13 DISCUSS ADVISORY: http://secunia.com/advisories/41758/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41758/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41758 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in multiple Oracle Siebel products, which can be exploited by malicious users to disclose certain information and compromise a vulnerable system. 1) An unspecified error can be exploited to execute arbitrary code. Further information is currently not available. 2) Another unspecified error can be exploited to execute arbitrary code. Further information is currently not available. 3) An unspecified error can be exploited to disclose certain information. Further information is currently not available. 4) Another unspecified error can be exploited to disclose certain information. Further information is currently not available. The vulnerabilities are reported in versions 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 15:47:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 00:47:27 +0200 Subject: [SEC] [SA41828] Sun Solaris Multiple Vulnerabilities Message-ID: <201010132247.o9DMlRnX024529@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Solaris Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41828 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41828/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41828 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41828/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41828/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41828 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious users to manipulate certain data or cause a DoS (Denial of Service) and by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. 1) An unspecified error within the "Scheduler" component can be exploited to execute arbitrary code. 2) An unspecified error within the "Live Upgrade" component can be exploited to execute arbitrary code. 3) An unspecified error within the "Kernel/Disk Driver" component can be exploited to cause a DoS (Denial of Service). NOTE: This vulnerability does not affect Sun Solaris 8. 4) An unspecified error within the "SCSI enclosure services device driver" component can be exploited to manipulate certain data or cause a DoS (Denial of Service). 5) An unspecified error within the "Device Drivers" component can be exploited by authenticated users to manipulate certain data or cause a DoS (Denial of Service). NOTE: This vulnerability does not affect Sun Solaris 8. 6) An unspecified error within the "USB" component can be exploited to disclose certain sensitive information. The vulnerabilities are reported in Sun Solaris versions 8, 9, and 10. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 16:11:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 01:11:59 +0200 Subject: [SEC] [SA41837] Oracle Explorer Unspecified Vulnerability Message-ID: <201010132311.o9DNBxwW013230@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Explorer Unspecified Vulnerability SECUNIA ADVISORY ID: SA41837 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41837/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41837 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41837/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41837/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41837 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Explorer, which can be exploited by malicious, local users to disclose and manipulate certain data. The vulnerability is caused due to an unspecified error. Further information is currently not available. The vulnerability is reported in version 6.4. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 16:46:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 01:46:16 +0200 Subject: [SEC] [SA41836] Sun Java System Directory Server Enterprise Edition Unspecified Vulnerability Message-ID: <201010132346.o9DNkGg4002309@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Java System Directory Server Enterprise Edition Unspecified Vulnerability SECUNIA ADVISORY ID: SA41836 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41836/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41836 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41836/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41836/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41836 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sun Java System Directory Server Enterprise Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error in the "Identity Synchronization for Windows" component, which can be exploited to execute arbitrary code. The vulnerability is reported in versions 6.0, 6.1, 6.2, and 6.3. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 17:15:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 02:15:06 +0200 Subject: [SEC] [SA41829] Sun Solaris Multiple Vulnerabilities Message-ID: <201010140015.o9E0F6cp023640@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Solaris Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41829 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41829 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41829/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41829/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41829 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious users and malicious people to disclose and manipulate certain data and by malicious people to cause a DoS (Denial of Service). 1) An unspecified error within the "su" component can be exploited to disclose and manipulate certain data. 2) An unspecified error within the "Kernel/X86" component can be exploited to cause a DoS (Denial of Service). 3) An unspecified error within the "InfiniBand" component can be exploited to cause a DoS (Denial of Service). 4) An unspecified error within the "ZFS" component can be exploited to cause a DoS (Denial of Service). 5) An unspecified error within the "Solaris Zones" component can be exploited by authenticated users to disclose and manipulate certain data. The vulnerabilities are reported in Sun Solaris version 10. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 17:44:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 02:44:20 +0200 Subject: [SEC] [SA41835] Sun Java System Identity Manager Unspecified Vulnerability Message-ID: <201010140044.o9E0iK5V012560@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Java System Identity Manager Unspecified Vulnerability SECUNIA ADVISORY ID: SA41835 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41835/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41835 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41835/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41835/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41835 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Sun Java System Identity Manager, which can be exploited by malicious people to disclose and manipulate certain data. The vulnerability is caused due to an unspecified error. Further information is currently not available. The vulnerability is reported in Sun Java System Identity Manager version 8.1. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 18:09:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 03:09:43 +0200 Subject: [SEC] [SA41782] Oracle Supply Chain Products Two Vulnerabilities Message-ID: <201010140109.o9E19h4p001222@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Supply Chain Products Two Vulnerabilities SECUNIA ADVISORY ID: SA41782 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41782/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41782 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41782/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41782/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41782 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Oracle Supply Chain Products, which can be exploited by malicious users to manipulate certain data and by malicious people to disclose potentially sensitive information. 1) An error in the "Transportation Management" component can be exploited to disclose sensitive information. For more information: SA37291 2) An unspecified error in the "Agile PLM" component can be exploited by authenticated users to manipulate certain data. The vulnerabilities are reported in the following products: * Agile PLM version 9.3.0.0. * Oracle Transportation Management version 5.5, 6.0, and 6.1. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 18:24:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 03:24:23 +0200 Subject: [SEC] [SA41791] Sun Java JDK / JRE / SDK Multiple Vulnerabilities Message-ID: <201010140124.o9E1ONc8021923@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Java JDK / JRE / SDK Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41791 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41791/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41791 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41791/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41791/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41791 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Sun Java, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. 1) An error in the 2D component may allow execution of arbitrary code. 2) An error in the 2D component may allow execution of arbitrary code. 3) An integer overflow error in the "JPEGImageWriter.writeImage()" function when processing JPEG image dimensions of a subsample can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code. 4) An integer overflow error in the color profile parser when processing the ICC Profile Device Information Tag structure fails to properly allocate memory. Successful exploitation may allow execution of arbitrary code. 5) An error in the 2D component may allow execution of arbitrary code. 6) An integer overflow error in the color profile parser when processing the ICC Profile Unicode Description Tag structure fails to properly allocate memory. Successful exploitation may allow execution of arbitrary code. 7) An error in the CORBA component may allow execution of arbitrary code. 8) An error in the com.sun.jnlp.BasicServiceImpl class when retrieving a security policy can be exploited to remove sandbox restrictions. Successful exploitation may allow execution of arbitrary code. 9) An error in the JRE component may allow execution of arbitrary code. 10) An error in the JRE component may allow execution of arbitrary code. 11) An error in the Java Web Start component may allow execution of arbitrary code. 12) A boundary error in the New Java Plugin (JP2IEXP.dll) when copying the "docbase" applet parameter can be exploited to cause a stack-based buffer overflow. Successful exploitation may allow execution of arbitrary code. 13) A signedness error in the "HeadspaceSoundbank.nGetName()" function when parsing BANK records can be exploited to cause a buffer overflow using memcpy() via a specially crafted SoundBank file. Successful exploitation may allow execution of arbitrary code. 14) An error in the Sound component may allow execution of arbitrary code. 15) An error in the Swing component may allow execution of arbitrary code. 16) An error in the ActiveX plugin fails to properly initialize a window handle and may allow execution of arbitrary code. 17) An error in the Java Web Start component may allow execution of arbitrary code. 18) An error in the Deployment Toolkit component may allow execution of arbitrary code. 19) An error in the CORBA component can be exploited to disclose and manipulate certain data. 20) An error in the JSSE TLS/SSL component can be exploited to manipulate certain data. For more information: SA37291 21) A NULL-pointer dereference error in Kerberos GSS-API can be exploited to cause a DoS. For more information: SA39762 22) An error in the Networking component can be exploited to disclose and manipulate certain data. 23) An error in the Swing component can be exploited to disclose and manipulate certain data. 24) An error in the Networking component can be exploited to disclose and manipulate certain data. 25) An error in the Networking component can be exploited to disclose and manipulate certain data. 26) An error in the Networking component can be exploited to disclose and manipulate certain data. 27) An error in the JNDI component can be exploited to disclose certain data. 28) An error in the Networking component can be exploited to disclose certain data. 29) An error in the Networking component can be exploited to disclose certain data. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 3) An anonymous person, reported via ZDI. 4,6) Intevydis, reported via ZDI. 8) Matthias Kaiser, reported via ZDI. 12,16) Stephen Fewer of Harmony Security, reported via ZDI. 13) An anonymous person, reported via ZDI. 16) An anonymous person, reported via ZDI. It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-202/ http://www.zerodayinitiative.com/advisories/ZDI-10-203/ http://www.zerodayinitiative.com/advisories/ZDI-10-204/ http://www.zerodayinitiative.com/advisories/ZDI-10-205/ http://www.zerodayinitiative.com/advisories/ZDI-10-206/ http://www.zerodayinitiative.com/advisories/ZDI-10-207/ http://www.zerodayinitiative.com/advisories/ZDI-10-208/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 18:44:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 03:44:23 +0200 Subject: [SEC] [SA41832] Sun Java Communications Suite Two Vulnerabilities Message-ID: <201010140144.o9E1iNxf010413@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Java Communications Suite Two Vulnerabilities SECUNIA ADVISORY ID: SA41832 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41832/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41832 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41832/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41832/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41832 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Sun Java Communications Suite, which can be exploited by malicious people to disclose certain information or manipulate certain data. 1) An unspecified error in the "Webmail" component can be exploited to disclose certain information or manipulate certain data. 2) An unspecified error in the "Authentication mechanism" component can be exploited to disclose certain information or manipulate certain data. The vulnerabilities affect the following products: * Sun Convergence version 1.0 * Sun Java Communications Suite version 7.0 SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 19:15:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 04:15:53 +0200 Subject: [SEC] [SA41762] Oracle Fusion Middleware Products Multiple Vulnerabilities Message-ID: <201010140215.o9E2FrFr032301@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Fusion Middleware Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41762 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41762/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41762 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41762/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41762/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41762 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Fusion Middleware Products, which can be exploited by malicious, local users and malicious users to manipulate certain data and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) An error exists in Oracle Enterprise Manager Grid Control. For more information: SA41794 2) An unspecified error in the "Identity Management" component can be exploited to cause a DoS. 3) An unspecified error in the "BI Publisher" component can be exploited to manipulate certain data. 4) An unspecified error in the "Cabo/UIX" component can be exploited to manipulate certain data. 5) A second unspecified error in the "Cabo/UIX" component can be exploited to manipulate certain data. 6) A third unspecified error in the "Cabo/UIX" component can be exploited to manipulate certain data. 7) An unspecified error in the "Forms" component can be exploited to manipulate certain data. 8) An unspecified error in the "BPEL Console" component can be exploited by authenticated users to manipulate certain data. 9) An error in the "Perl" component can be exploited by authenticated, local users to manipulate certain data. For more information see vulnerability #9: SA41815 The vulnerabilities are reported in the following products: * Oracle Fusion Middleware 11gR1 version 11.1.1.1.0 and 11.1.1.2.0. * Oracle Application Server 10gR3 version 10.1.3.5.0. * Oracle Application Server 10gR2 version 10.1.2.3.0. * Oracle BI Publisher version 10.1.3.3.2, 10.1.3.4.0, and 10.1.3.4.1. * Oracle Identity Management 10g version 10.1.4.0.1, and 10.1.4.3. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 19:44:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 04:44:43 +0200 Subject: [SEC] [SA41830] Oracle Communications Messaging Server "Web Mail" Unspecified Vulnerability Message-ID: <201010140244.o9E2ihvI021182@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Communications Messaging Server "Web Mail" Unspecified Vulnerability SECUNIA ADVISORY ID: SA41830 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41830/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41830 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41830/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41830/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41830 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Communications Messaging Server, which can be exploited by malicious people to disclose certain information or manipulate certain data. The vulnerability is caused due to an unspecified error in the "Web Mail" component and can be exploited to disclose certain information or manipulate certain data. The vulnerability is reported in versions 6.0, 6.2, 6.3, and 7.0. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 20:10:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 05:10:29 +0200 Subject: [SEC] [SA41780] Oracle E-Business Suite Multiple Vulnerabilities Message-ID: <201010140310.o9E3ATNu009933@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle E-Business Suite Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41780 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41780/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41780 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41780/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41780/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41780 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle E-Business Suite, which can be exploited by malicious users and malicious people to manipulate certain data and by malicious people to disclose potentially sensitive information. 1) An unspecified error in the "Applications Manager" component can be exploited to disclose and manipulate certain data. 2) An unspecified error in the "Applications Technology Stack" component can be exploited to manipulate certain data. 3) An unspecified error in the "E-Business Intelligence" component can be exploited to manipulate certain data. 4) An unspecified error in the "Territory Management" component can be exploited to manipulate certain data. 5) An unspecified error in the "iRecruitment" component can be exploited to manipulate certain data. 6) An unspecified error in the "iRecruitment" component can be exploited by authenticated users to manipulate certain data. The vulnerabilities are reported in the following products: * Oracle E-Business Suite Release 12 version 12.0.4, 12.0.5, 12.0.6, 12.1.1, and 12.1.2. * Oracle E-Business Suite Release 11i version 11.5.10 and 11.5.10.2. SOLUTION: Apply updates (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported these vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 20:24:01 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 05:24:01 +0200 Subject: [SEC] [SA41831] Oracle Communications Messaging Server "Webmail" Unspecified Vulnerability Message-ID: <201010140324.o9E3O1UX030517@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Communications Messaging Server "Webmail" Unspecified Vulnerability SECUNIA ADVISORY ID: SA41831 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41831/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41831 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41831/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41831/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41831 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Communications Messaging Server, which can be exploited by malicious people to disclose certain information or manipulate certain data. The vulnerability is caused due to an unspecified error in the "Webmail" component and can be exploited to disclose certain information or manipulate certain data. The vulnerability is reported in version 7.0. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 20:44:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 05:44:45 +0200 Subject: [SEC] [SA41827] Oracle VM Multiple Vulnerabilities Message-ID: <201010140344.o9E3ijoA019035@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle VM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41827 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41827/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41827 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41827/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41827/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41827 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Oracle VM, which can be exploited by malicious, local users to gain escalated privileges and by malicious users to compromise a vulnerable system. 1) An unspecified error related to the ovs-agent can be exploited by authenticated users to execute arbitrary code. 2) An unspecified error related to the ovs-agent can be exploited by authenticated users to execute arbitrary code. 3) An unspecified error related to the ovs-agent can be exploited by authenticated users to execute arbitrary code. 4) An unspecified error related to the ovs-agent can be exploited by local users to gain escalated privileges. The vulnerabilities are reported in version 2.2.1. Other versions may also be affected. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 21:10:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 06:10:37 +0200 Subject: [SEC] [SA41815] Oracle Database Multiple Vulnerabilities Message-ID: <201010140410.o9E4AbMO007801@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Database Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41815 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41815/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41815 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41815/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41815/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41815 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Oracle Database, which can be exploited by malicious, local users to manipulate certain data, by malicious users to disclose or manipulate certain data and compromise a vulnerable system, and by malicious people to manipulate certain data or compromise a vulnerable system. 1) An unspecified error exists in the Oracle Enterprise Manager Grid Control. For more information: SA41794 2) A race condition error in the SecurityManager implementation in the "Java Virtual Machine" component can be exploited by authenticated users to execute Java code outside of the sandbox. 3) An unspecified error in the "Change Data Capture" component can be exploited by authenticated users to disclose or manipulate certain data. This may be related to: SA39762 4) An unspecified error in the "OLAP" component can be exploited by authenticated users to disclose or manipulate certain data. 5) An unspecified error in the "Change Data Capture" component can be exploited by authenticated users to disclose or manipulate certain data. 6) An unspecified error in the "Job Queue" component can be exploited by authenticated users to execute arbitrary code. 7) An unspecified error in the "XDK" component can be exploited to manipulate certain data. 8) An unspecified error in the "Core RDBMS" component can be exploited by authenticated users to disclose or manipulate certain data. 9) An unspecified error in the "Perl" component can be exploited by authenticated, local users to manipulate certain data. The vulnerabilities are reported in the following products and versions: * Oracle Database 11g Release 2, version 11.2.0.1 * Oracle Database 11g Release 1, version 11.1.0.7 * Oracle Database 10g Release 2, versions 10.2.0.3 and 10.2.0.4 * Oracle Database 10g, Release 1, version 10.1.0.5 SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: 2) Sami Koivu, reported via ZDI It is currently unclear who reported the remaining vulnerabilities as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html ZDI http://www.zerodayinitiative.com/advisories/ZDI-10-201/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 21:45:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 06:45:05 +0200 Subject: [SEC] [SA39504] Oracle Primavera P6 Enterprise Project Portfolio Management Unspecified Vulnerability Message-ID: <201010140445.o9E4j585029327@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Primavera P6 Enterprise Project Portfolio Management Unspecified Vulnerability SECUNIA ADVISORY ID: SA39504 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39504/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39504 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/39504/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39504/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39504 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Primavera P6 Enterprise Project Portfolio Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. Further information is currently not available. The vulnerability is reported in versions 6.21.3.0 and 7.0.1.0. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: It is currently unclear who reported the vulnerability as the Oracle Critical Patch Update for October 2010 only provides a bundled list of credits. This section will be updated when/if the original reporter provides more information. ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 13 22:09:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 07:09:12 +0200 Subject: [SEC] [SA41823] SUSE update for MozillaFirefox, MozillaThunderbird, and seamonkey Message-ID: <201010140509.o9E59CaX018000@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox, MozillaThunderbird, and seamonkey SECUNIA ADVISORY ID: SA41823 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41823/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41823 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41823/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41823/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41823 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, or to compromise a user's system. For more information: SA39925 SA41297 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:049: http://www.novell.com/linux/security/advisories/2010_49_firefox.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 10:29:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 19:29:49 +0200 Subject: [SEC] [SA41802] AnyConnect Directory Traversal Vulnerability Message-ID: <201010141729.o9EHTnfi000339@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: AnyConnect Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41802 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41802/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41802 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41802/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41802/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41802 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in AnyConnect, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 1.2.3.0. Other versions may also be affected. SOLUTION: Do not download files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_anyconnect.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 11:29:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 20:29:47 +0200 Subject: [SEC] [SA41808] SmartFTP Insecure Library Loading Vulnerability Message-ID: <201010141829.o9EITlUU023111@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SmartFTP Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41808 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41808/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41808 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41808/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41808/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41808 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SmartFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a TXT, HTML, or MPG file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is confirmed in version 4.0.1140.0. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/smartftp4-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 12:29:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 21:29:45 +0200 Subject: [SEC] [SA41796] TWiki Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201010141929.o9EJTjl8013401@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: TWiki Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41796 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41796/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41796 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41796/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41796/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41796 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in TWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "rev" parameter to bin/view and input passed as parameter names to bin/login is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 5.0.1. SOLUTION: Update to version 5.0.1 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: TWiki: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2010-3841 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 13:29:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 22:29:45 +0200 Subject: [SEC] [SA41693] Linux Kernel i915 Privilege Escalation Vulnerability Message-ID: <201010142029.o9EKTjbi003687@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Linux Kernel i915 Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA41693 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41693/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41693 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41693/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41693/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41693 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the i915 GEM ioctl interface, which can be exploited to write to an arbitrary kernel memory location. SOLUTION: Fixed in version 2.6.36-rc7. PROVIDED AND/OR DISCOVERED BY: The vendor credits Kees Cook. ORIGINAL ADVISORY: http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.36-rc7 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 14:23:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 23:23:40 +0200 Subject: [SEC] [SA41798] Fresh FTP Directory Traversal Vulnerability Message-ID: <201010142123.o9ELNeSn026118@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fresh FTP Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41798 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41798 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41798/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41798/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41798 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Fresh FTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 5.37. Other versions may also be affected. SOLUTION: Do not download files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22628: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 14:44:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 14 Oct 2010 23:44:30 +0200 Subject: [SEC] [SA41851] SUSE update for kernel Message-ID: <201010142144.o9ELiUgp014644@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA41851 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41851/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41851 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41851/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41851/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41851 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose system and sensitive information, and potentially gain escalated privileges. For more information: SA41234 SA41263 SA41284 SA41440 SA41462 SA41493 SA41693 SOLUTION: Updated packages are available via YaST Online Update or SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:050: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 15:12:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 00:12:34 +0200 Subject: [SEC] [SA41806] e2eSoft VCam Insecure Library Loading Vulnerability Message-ID: <201010142212.o9EMCYYh003590@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: e2eSoft VCam Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41806 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41806/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41806 RELEASE DATE: 2010-10-14 DISCUSS ADVISORY: http://secunia.com/advisories/41806/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41806/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41806 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in e2eSoft VCam, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application bundling a vulnerable version of the cxcore100.dll library, which loads libraries (e.g. ippcc.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a VPL or MPG file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is confirmed in version 5.0.2.11. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/e2esoft-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 15:45:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 00:45:52 +0200 Subject: [SEC] [SA41824] Winamp Integer Overflow and Buffer Overflow Vulnerabilities Message-ID: <201010142245.o9EMjqTV025090@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Winamp Integer Overflow and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA41824 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41824/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41824 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41824/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41824/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41824 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in Winamp, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error in the "in_mkv.dll" plugin when allocating memory using "malloc()" can be exploited to cause a heap-based buffer overflow via a specially crafted MKV file. Successful exploitation may allow execution of arbitrary code. 2) A boundary error in the "in_mod.dll" plugin when parsing Multitracker Module (MTM) files and can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code but requires the user to click on the "View file info" option. The vulnerabilities are confirmed in version 5.581. Other versions may also be affected. SOLUTION: Do not open untrusted MKV or MTM files. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/winamp_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 16:11:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 01:11:39 +0200 Subject: [SEC] [SA41764] Avactis Shopping Cart "User-Agent" SQL Injection Vulnerability Message-ID: <201010142311.o9ENBd4R013864@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Avactis Shopping Cart "User-Agent" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41764 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41764/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41764 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41764/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41764/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41764 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Russ McRee has discovered a vulnerability in Avactis Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the HTTP "User-Agent" header to various scripts e.g. index.php or product-list.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.9.1 build 8356 free edition. Other versions may also be affected. SOLUTION: Apply the patch. PROVIDED AND/OR DISCOVERED BY: Russ McRee, via Secunia. ORIGINAL ADVISORY: Avactis: http://www.avactis.com/forums/index.php?showtopic=5317 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 16:44:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 01:44:49 +0200 Subject: [SEC] [SA41809] Robo-FTP Directory Traversal Vulnerability Message-ID: <201010142344.o9ENinsM002935@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Robo-FTP Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41809 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41809/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41809 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41809/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41809/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41809 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in Robo-FTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the file name. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is reported in versions prior to 3.7.5. SOLUTION: Update to version 3.7.5. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: Robo-FTP: http://kb.robo-ftp.com/change_log/show/77 High-Tech Bridge SA: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 17:11:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 02:11:43 +0200 Subject: [SEC] [SA41720] Fedora update for drupal-cck Message-ID: <201010150011.o9F0BhM9024155@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for drupal-cck SECUNIA ADVISORY ID: SA41720 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41720/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41720 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41720/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41720/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41720 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for drupal-cck. This fixes a vulnerability, which can be exploited by malicious users to disclose sensitive information. For more information: SA40916 SOLUTION: Apply updated packages using the yum utility ("yum update drupal-cck"). ORIGINAL ADVISORY: FEDORA-2010-15737: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049247.html FEDORA-2010-15707: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049300.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 17:44:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 02:44:10 +0200 Subject: [SEC] [SA41822] Oracle WebLogic Node Manager File Inclusion Vulnerability Message-ID: <201010150044.o9F0iAIW013215@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle WebLogic Node Manager File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41822 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41822 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41822/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41822/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41822 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle WebLogic Server, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. The vulnerability is caused due to an input validation error in the Node Manager service, which can be exploited to include the configuration file via a UNC path. Successful exploitation allows to specify the location of the password file via a UNC path and gain access to the Node Manager server. The vulnerability is reported in version 10.3.3. Other versions may also be affected. SOLUTION: Restrict network access to the service to trusted peers. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Carl Livitt, Stach & Liu, LLC. ORIGINAL ADVISORY: US-CERT VU#924300: http://www.kb.cert.org/vuls/id/924300 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 18:09:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 03:09:31 +0200 Subject: [SEC] [SA41799] SAP BusinessObjects Axis2 Default Account Security Issue Message-ID: <201010150109.o9F19VCL001901@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SAP BusinessObjects Axis2 Default Account Security Issue SECUNIA ADVISORY ID: SA41799 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41799/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41799 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41799/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41799/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41799 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in SAP BusinessObjects, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. The security issue is caused due to the dswsbobje.war module deploying axis2 with default credentials. This can be exploited to gain access to an affected system and execute arbitrary code by uploading a web service. SOLUTION: Reportedly, fixes are available in SAP Security Note 1432881. PROVIDED AND/OR DISCOVERED BY: Joshua Abraham and Will Vandevanter ORIGINAL ADVISORY: http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 18:23:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 03:23:12 +0200 Subject: [SEC] [SA41853] Fujitsu IntelligentSearch Phishing Vulnerability Message-ID: <201010150123.o9F1NC52022552@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fujitsu IntelligentSearch Phishing Vulnerability SECUNIA ADVISORY ID: SA41853 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41853/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41853 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41853/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41853/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41853 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Fujitsu IntelligentSearch, which can be exploited by malicious people to conduct phishing attacks. The vulnerability is caused due to an unspecified error, which can be used to conduct spoofing or phishing attacks. This is related to: SA41770 SOLUTION: Contact the vendor for patches. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 18:44:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 03:44:57 +0200 Subject: [SEC] [SA41847] HP ProCurve Products Unspecified Vulnerability Message-ID: <201010150144.o9F1ivMq011138@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP ProCurve Products Unspecified Vulnerability SECUNIA ADVISORY ID: SA41847 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41847 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41847/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41847/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41847 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP ProCurve products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. Further information is currently not available. The vulnerability is reported in the following products: * M110 Access Point US (J9385B, J9385A) * M110 Access Point WW (J9388B, J9388A) * MSM310 Access Point US (J9374B, J9374A) * MSM310 Access Point WW (J9379B, J9379A) * MSM310 Access Point JP (J9524B, J9524A) * MSM310-R Access Point US (J9380B, J9380A) * MSM310-R Access Point WW (J9383B, J9383A) * MSM320 Access Point US (J9360B, J9360A) * MSM320 Access Point WW (J9364B, J9364A) * MSM320 Access Point JP (J9527B, J9527A) * MSM320-R Access Point US (J9365B, J9365A) * MSM320-R Access Point WW (J9368B, J9368A) * MSM320-R Access Point JP (J9528B, J9528A) * MSM325 Access Point US (J9369B, J9369A) * MSM325 Access Point WW (J9373B, J9373A) * MSM335 Access Point US (J9356B, J9356A) * MSM335 Access Point WW (J9357B, J9357A) * MSM410 Access Point US (J9426B, J9426A) * MSM410 Access Point WW (J9427B, J9427A) * MSM410 Access Point JP (J9429B, J9529A) * MSM422 Access Point US (J9358B, J9358A) * MSM422 Access Point WW (J9359B, J9359A) * MSM422 Access Point JP (J9530B, J9530A) * Miltope Dual Radio Access Point (J9410A) * Multi Service Access Point Miltope nMAP (J9402A) * MSM710 Mobility Controller (J9325A) * MSM710 Access Controller (J9328A) * MSM730 Mobility Controller (J9326A) * MSM730 Access Controller (J9329A) * MSM750 Mobility Controller (J9327A) * MSM750 Access Controller (J9330A) * MSM760 Mobility Controller (J9420A) * MSM760 Access Controller (J9421A) * MSM765zl Mobility Controller (J9370A) SOLUTION: The vendor has issued updated firmware versions (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBGN02589 SSRT100296: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02544568 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 19:14:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 04:14:58 +0200 Subject: [SEC] [SA41770] Accela / eAccela BizSearch Phishing Vulnerability Message-ID: <201010150214.o9F2EwEo000502@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Accela / eAccela BizSearch Phishing Vulnerability SECUNIA ADVISORY ID: SA41770 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41770/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41770 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41770/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41770/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41770 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Accela / eAccela BizSearch, which can be exploited by malicious people to conduct phishing attacks. The vulnerability is caused due to an unspecified error, which can be used to conduct spoofing or phishing attacks. SOLUTION: Contact the vendor for patches. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://software.fujitsu.com/jp/security/products-fujitsu/solution/bizsearch201002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 19:44:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 04:44:34 +0200 Subject: [SEC] [SA41821] Red Hat update for java-1.6.0-openjdk Message-ID: <201010150244.o9F2iYYK021893@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA41821 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41821/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41821 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41821/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41821/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41821 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0768-1: https://rhn.redhat.com/errata/RHSA-2010-0768.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 20:09:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 05:09:41 +0200 Subject: [SEC] [SA41844] BlackBerry Professional Software PDF Distiller Unspecified Vulnerability Message-ID: <201010150309.o9F39fKn010625@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: BlackBerry Professional Software PDF Distiller Unspecified Vulnerability SECUNIA ADVISORY ID: SA41844 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41844/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41844 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41844/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41844/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41844 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BlackBerry Professional Software, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA41842 The vulnerability is reported in BlackBerry Professional Software version 4.1.4 and earlier. SOLUTION: The vendor recommends to remove the PDF file extension from the list of supported file format extensions. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 20:23:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 05:23:27 +0200 Subject: [SEC] [SA39532] cURL "Content-Disposition" Header Filename Parsing Vulnerability Message-ID: <201010150323.o9F3NRbS031228@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: cURL "Content-Disposition" Header Filename Parsing Vulnerability SECUNIA ADVISORY ID: SA39532 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/39532/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=39532 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/39532/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/39532/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=39532 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in cURL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an error in the "parse_filename()" function within src/main.c when stripping directory separators from the "Content-Disposition" HTTP header and can be exploited to overwrite files via a specially crafted server response. Successful exploitation requires cURL to be invoked with the "-J/--remote-header-name" option on platforms which support the backslash ("\") directory separator (e.g. Windows, Netware, MSDOS, OS/2, and Symbian). NOTE: The "libcurl" library is not affected. The vulnerability is reported in versions 7.20.0 through 7.21.1. SOLUTION: Update to version 7.21.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Dan Fandrich. ORIGINAL ADVISORY: http://curl.haxx.se/docs/adv_20101013.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 20:44:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 05:44:33 +0200 Subject: [SEC] [SA41842] BlackBerry Enterprise Server PDF Distiller Unspecified Vulnerability Message-ID: <201010150344.o9F3iX7m019770@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: BlackBerry Enterprise Server PDF Distiller Unspecified Vulnerability SECUNIA ADVISORY ID: SA41842 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41842/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41842 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41842/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41842/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41842 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BlackBerry Enterprise Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due to an unspecified error within the PDF distiller of the BlackBerry Attachment Service component. The vulnerability can be exploited to cause a memory corruption when a specially crafted PDF file is opened for viewing on a BlackBerry smartphone. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in BlackBerry Enterprise Server versions 5.0.2, 5.0.1, 5.0.0, 4.1.7. SOLUTION: Update to the latest version or apply the Interim Security Update. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 21:09:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 06:09:42 +0200 Subject: [SEC] [SA41671] Netbiter webSCADA WS100 and WS200 Multiple Vulnerabilities Message-ID: <201010150409.o9F49gQK008504@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Netbiter webSCADA WS100 and WS200 Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41671 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41671/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41671 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41671/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41671/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41671 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Netbiter webSCADA WS100 and WS200, which can be exploited by malicious users to disclose sensitive information and potentially compromise a vulnerable system. 1) Input passed via the "page" parameter to cgi-bin/read.cgi is not properly sanitised before being used to access files. This can be exploited to read arbitrary file contents via directory traversal sequences and URL-encoded NULL bytes. 2) Input passed via the "file" parameter to cgi-bin/read.cgi is not properly verified before being used to access files. This can be exploited to read arbitrary file contents by providing the absolute path to a file. 3) An unspecified error in cgi-bin/read.cgi can be exploited to upload arbitrary files. This can potentially be exploited to compromise a vulnerable system. SOLUTION: Grant only trusted users access to the application. PROVIDED AND/OR DISCOVERED BY: Andrej Komarov and Eugene Salov, itdefence ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-10/0002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 21:23:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 06:23:28 +0200 Subject: [SEC] [SA41848] HP Systems Insight Manager File Download Vulnerability Message-ID: <201010150423.o9F4NSU8029118@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP Systems Insight Manager File Download Vulnerability SECUNIA ADVISORY ID: SA41848 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41848/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41848 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41848/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41848/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41848 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Systems Insight Manager, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error, which can be exploited to download arbitrary files from an affected system. The vulnerability is reported in the following versions: * HP Systems Insight Manager (SIM) for HP-UX, Linux v6.0 prior to September 2010 Hotfix * HP Systems Insight Manager (SIM) for HP-UX, Linux v6.1 prior to September 2010 Hotfix * HP Systems Insight Manager (SIM) for Windows v6.0 prior to September 2010 Hotfix or prior to v6.0 Update 2 * HP Systems Insight Manager (SIM) for Windows v6.1 prior to September 2010 Hotfix or prior to v6.1 Update 2 SOLUTION: Apply the hotfix. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02590 SSRT100182: http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02548231 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 21:44:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 06:44:49 +0200 Subject: [SEC] [SA41838] Sun PDF Import Extension Xpdf Vulnerability Message-ID: <201010150444.o9F4infe017668@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun PDF Import Extension Xpdf Vulnerability SECUNIA ADVISORY ID: SA41838 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41838/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41838 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41838/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41838/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41838 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Sun PDF Import Extension for OpenOffice.org / Oracle Open Office, which can be exploited by malicious people to potentially compromise a user's system. For more information see vulnerability #3 in: SA37053 The vulnerability is reported in versions prior to 1.0.1. SOLUTION: Update to version 1.0.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://extensions.services.openoffice.org/en/node/874/releases OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 14 22:09:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 07:09:23 +0200 Subject: [SEC] [SA41793] Debian update for poppler Message-ID: <201010150509.o9F59NR9006374@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for poppler SECUNIA ADVISORY ID: SA41793 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41793/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41793 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41793/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41793/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41793 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for poppler. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA41596 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2116-1: http://lists.debian.org/debian-security-announce/2010/msg00169.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 10:29:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 19:29:28 +0200 Subject: [SEC] [SA41876] Sun Solaris LibTIFF Multiple Vulnerabilities Message-ID: <201010151729.o9FHTS2E027297@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Solaris LibTIFF Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41876 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41876/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41876 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41876/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41876/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41876 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Sun Solaris, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library. For more information: SA40181 SOLUTION: Do not open untrusted TIFF images. ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 11:29:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 20:29:32 +0200 Subject: [SEC] [SA41875] Sun Solaris Tomcat Multiple Vulnerabilities Message-ID: <201010151829.o9FITVNv017601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Solaris Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41875 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41875/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41875 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41875/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41875/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41875 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious users and malicious people to manipulate certain data and by malicious people to disclose certain system information and cause a DoS (Denial of Service). For more information: SA38316 SA39574 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2009_2902_cve_2009 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 12:29:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 21:29:51 +0200 Subject: [SEC] [SA41800] Sun Solaris LibTIFF Multiple Vulnerabilities Message-ID: <201010151929.o9FJTpIH007917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Solaris LibTIFF Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41800 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41800/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41800 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41800/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41800/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41800 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Sun Solaris, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) and compromise an application using the library. For more information: SA40181 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_2065_cve_2010 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 13:29:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 22:29:33 +0200 Subject: [SEC] [SA41820] Ettercap Insecure Configuration File Security Issue Message-ID: <201010152029.o9FKTX6t030595@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ettercap Insecure Configuration File Security Issue SECUNIA ADVISORY ID: SA41820 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41820 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41820/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41820/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41820 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in Ettercap, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application using a configuration file "/tmp/.ettercap_gtk" in an insecure manner when running the application with the "-G" option. This can be exploited to e.g. overwrite arbitrary files via symlink attacks. NOTE: This can further be exploited to cause a stack-based buffer overflow due to a boundary error in the "gtkui_conf_read()" function in src/interfaces/gtk/ec_gtk_conf.c and potentially execute arbitrary code. The security issue is confirmed in version 0.7.3 on a Linux system. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg ORIGINAL ADVISORY: Ubuntu bug #656347: https://bugs.launchpad.net/ubuntu/+source/ettercap/+bug/656347 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 14:23:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 23:23:18 +0200 Subject: [SEC] [SA41866] K2Editor Insecure Executable Loading Vulnerability Message-ID: <201010152123.o9FLNIO7020611@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: K2Editor Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41866 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41866/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41866 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41866/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41866/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41866 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in K2Editor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading loading an executable file in an insecure manner and can be exploited by tricking a user into e.g. opening certain text files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version R.1.5.8. Prior versions may also be affected. SOLUTION: Update to version R.1.5.9. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: K2Editor: http://k2top.jpn.org/ JVN: http://jvn.jp/jp/JVN36921800/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2010-000041 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 14:44:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 15 Oct 2010 23:44:22 +0200 Subject: [SEC] [SA41861] Gekko Manager FTP Server Response Buffer Overflow Message-ID: <201010152144.o9FLiM8E009156@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Gekko Manager FTP Server Response Buffer Overflow SECUNIA ADVISORY ID: SA41861 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41861/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41861 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41861/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41861/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41861 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Gekko Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing FTP server responses and can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code, but requires that a user connects to a specially crafted FTP server. The vulnerability is confirmed in version 0.77. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: nullthreat ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 15:11:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 00:11:52 +0200 Subject: [SEC] [SA41845] STDU Explorer Insecure Library Loading Vulnerability Message-ID: <201010152211.o9FMBqRb030481@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: STDU Explorer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41845 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41845/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41845 RELEASE DATE: 2010-10-15 DISCUSS ADVISORY: http://secunia.com/advisories/41845/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41845/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41845 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in STDU Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a folder located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that the application during installation was configured with "Browse with STDU Explorer" option (non-default option). The vulnerability is confirmed in version 1.0.201. Other versions may also be affected. SOLUTION: Do not open untrusted folders. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/stdu-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 15:45:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 00:45:51 +0200 Subject: [SEC] [SA41868] Sun Solaris Pidgin SLP Message Denial of Service Weakness Message-ID: <201010152245.o9FMjpk6019612@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Solaris Pidgin SLP Message Denial of Service Weakness SECUNIA ADVISORY ID: SA41868 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41868/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41868 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41868/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41868/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41868 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a weakness in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA38563 SOLUTION: Modify settings to connect to trusted peers only. ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/cve_2010_0277_malformed_msn OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 16:11:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 01:11:49 +0200 Subject: [SEC] [SA41713] Visual Synapse HTTP Server Directory Traversal Vulnerability Message-ID: <201010152311.o9FNBnFB008386@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Visual Synapse HTTP Server Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41713 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41713/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41713 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41713/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41713/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41713 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Felipe Aragon has reported a vulnerability in Visual Synapse HTTP Server, which can be exploited by malicious people to disclose sensitive information. Input passed via the URL is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal attacks. The vulnerability is reported in version 0.6. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Felipe Aragon, Syhunt Security Research Team ORIGINAL ADVISORY: http://www.syhunt.com/?n=Advisories.Vs-httpd-dirtrav OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 16:46:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 01:46:46 +0200 Subject: [SEC] [SA41872] Fedora update for ardour Message-ID: <201010152346.o9FNkk6R029938@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for ardour SECUNIA ADVISORY ID: SA41872 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41872/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41872 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41872/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41872/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41872 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ardour. This fixes a security issue, which can be exploited by malicious people to compromise a user's system. The security issue is caused due to the ardour2 script insecurely setting the environment variable LD_LIBRARY_PATH. This can be exploited to execute arbitrary code e.g. by tricking a user into running the script in a directory containing a malicious library. SOLUTION: Apply updated packages using the yum utility ("yum update ardour"). PROVIDED AND/OR DISCOVERED BY: Raphael Geissert ORIGINAL ADVISORY: FEDORA-2010-15510: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049377.html FEDORA-2010-15499: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049373.html Raphael Geissert: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598283 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 17:11:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 02:11:49 +0200 Subject: [SEC] [SA41850] XacRett Insecure Executable Loading Vulnerability Message-ID: <201010160011.o9G0BnrV018670@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: XacRett Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41850 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41850/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41850 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41850/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41850/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41850 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in XacRett, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading "explorer.exe" in an insecure manner and can be exploited by tricking a user into e.g. opening a compressed file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 49. Prior versions may also be affected. SOLUTION: Update to version 50 or later. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: XacRett: http://www.kmonos.net/lib/info/xacr49-vul.ja.html JVN: http://jvn.jp/jp/JVN04665167/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000040.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 17:44:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 02:44:28 +0200 Subject: [SEC] [SA41843] MEO Encryption Software Insecure Library Loading Vulnerability Message-ID: <201010160044.o9G0iSXq007738@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: MEO Encryption Software Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41843 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41843/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41843 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41843/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41843/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41843 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MEO Encryption Software, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a MEO or CRY file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.02. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/meo-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 18:09:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 03:09:21 +0200 Subject: [SEC] [SA41862] LeapFTP Filename Parsing Buffer Overflow Vulnerability Message-ID: <201010160109.o9G19LkH028850@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: LeapFTP Filename Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41862 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41862/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41862 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41862/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41862/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41862 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in LeapFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing a file name and can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted LIST response. Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into downloading from a malicious FTP server. The vulnerability is confirmed in version 3.0.1.46. Other versions may also be affected. SOLUTION: Do not download files from untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: corelanc0d3r ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 18:23:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 03:23:32 +0200 Subject: [SEC] [SA41754] Gnome Subtitles LD_LIBRARY_PATH Security Issue Message-ID: <201010160123.o9G1NWIb017091@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Gnome Subtitles LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA41754 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41754/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41754 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41754/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41754/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41754 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Gnome Subtitles, which can be exploited by malicious people to compromise a user's system. The security issue is caused due to the gnome-subtitles script insecurely setting the environment variable LD_LIBRARY_PATH. This can be exploited to execute arbitrary code e.g. by tricking a user into running the script in a directory containing a malicious library. The security issue is reported in version 1.0. SOLUTION: Run gnome-subtitles in trusted directories only. PROVIDED AND/OR DISCOVERED BY: Raphael Geissert ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598289 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 18:44:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 03:44:23 +0200 Subject: [SEC] [SA41807] Fedora update for gnome-subtitles Message-ID: <201010160144.o9G1iNAk005612@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for gnome-subtitles SECUNIA ADVISORY ID: SA41807 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41807/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41807 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41807/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41807/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41807 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for gnome-subtitles. This fixes a security issue, which can be exploited by malicious people to compromise a user's system. For more information: SA41754 SOLUTION: Apply updated packages using the yum utility ("yum update gnome-subtitles"). ORIGINAL ADVISORY: FEDORA-2010-15717: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049275.html FEDORA-2010-15711: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049288.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 19:14:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 04:14:49 +0200 Subject: [SEC] [SA41859] FTPShell Client PWD Response Buffer Overflow Vulnerability Message-ID: <201010160214.o9G2EnsC027478@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FTPShell Client PWD Response Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41859 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41859/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41859 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41859/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41859/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41859 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTPShell Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing FTP responses and can be exploited to cause a stack-based buffer overflow via an overly long PWD response. Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into connecting to a malicious FTP server. The vulnerability is confirmed in version 5.1. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: ekse and corelanc0d3r ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 19:44:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 04:44:53 +0200 Subject: [SEC] [SA41819] XLRstats "eval()" PHP Code Execution Vulnerability Message-ID: <201010160244.o9G2irP4016415@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: XLRstats "eval()" PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA41819 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41819 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41819/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41819/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41819 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in XLRstats, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "fname" parameter to index.php (when "func" is set to "medal") is not properly sanitised before being used in an "eval()" call, which can be exploited to execute arbitrary PHP code. The vulnerability is confirmed in version 2.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Reported as SQL injection by Sky4. Additional information provided by Secunia Research. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 20:09:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 05:09:21 +0200 Subject: [SEC] [SA41869] Attachmate Reflection for the Web Cross-Site Scripting Vulnerability Message-ID: <201010160309.o9G39LxM005106@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Attachmate Reflection for the Web Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41869 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41869/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41869 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41869/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41869/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41869 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Attachmate Reflection for the Web, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in Reflection for the Web 2008 version R2 (builds 10.1.569 and earlier), Reflection for the Web 2008 R1, and Reflection for the Web 9.6 and earlier). SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.attachmate.com/techdocs/1704.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 20:23:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 05:23:20 +0200 Subject: [SEC] [SA41812] Red Hat update for qpid Message-ID: <201010160323.o9G3NKcA025747@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for qpid SECUNIA ADVISORY ID: SA41812 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41812/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41812 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41812/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41812/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41812 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for qpid. This fixes two vulnerabilities, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA41710 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0773.html https://rhn.redhat.com/errata/RHSA-2010-0774.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 20:44:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 05:44:24 +0200 Subject: [SEC] [SA41846] Attachmate Reflection for Secure IT Boost Library Denial of Service Message-ID: <201010160344.o9G3iO7N014290@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Attachmate Reflection for Secure IT Boost Library Denial of Service SECUNIA ADVISORY ID: SA41846 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41846/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41846 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41846/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41846/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41846 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Reflection for Secure IT, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to usage of a vulnerable versions of the Boost library. For more information: SA28511 The vulnerability is reported in versions prior to 7.2. NOTE: This vulnerability does not affect Reflection for Secure IT Windows Server or Client. SOLUTION: Update to version 7.2. ORIGINAL ADVISORY: http://support.attachmate.com/techdocs/2288.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 21:09:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 06:09:30 +0200 Subject: [SEC] [SA41857] FTPGetter Logfile Parsing Buffer Overflow Vulnerability Message-ID: <201010160409.o9G49Uox003003@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FTPGetter Logfile Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41857 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41857/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41857 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41857/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41857/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41857 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTPGetter, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading a log file using fgets() and can be exploited to cause a stack-based buffer overflow by tricking a user into connecting to a malicious FTP server and sending e.g. a specially crafted "PWD" response. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 3.55.0.05 and 3.57.0.15. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: ekse ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 21:23:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 06:23:37 +0200 Subject: [SEC] [SA41683] SAP Crystal Reports Two Vulnerabilities Message-ID: <201010160423.o9G4NbnS023644@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SAP Crystal Reports Two Vulnerabilities SECUNIA ADVISORY ID: SA41683 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41683/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41683 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41683/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41683/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41683 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SAP Crystal Reports, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error within CMS.exe when parsing GIOP requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet. 2) A boundary error within JobServer.exe when parsing GIOP requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet. Successful exploitation allows execution of arbitrary code with SYSTEM privileges. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SAP: https://websmp130.sap-ag.de/sap/support/notes/1509604 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-195/ http://www.zerodayinitiative.com/advisories/ZDI-10-196/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 21:44:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 06:44:28 +0200 Subject: [SEC] [SA41814] Red Hat update for java-1.6.0-sun Message-ID: <201010160444.o9G4iSRu012168@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.6.0-sun SECUNIA ADVISORY ID: SA41814 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41814/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41814 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41814/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41814/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41814 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.6.0-sun. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0770-1: https://rhn.redhat.com/errata/RHSA-2010-0770.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 15 22:09:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 07:09:30 +0200 Subject: [SEC] [SA41813] Red Hat update for kernel-rt Message-ID: <201010160509.o9G59UZx000837@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for kernel-rt SECUNIA ADVISORY ID: SA41813 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41813/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41813 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41813/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41813/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41813 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel-rt. This fixes multiple weaknesses and a vulnerability, which can be exploited by malicious, local users to disclose certain system and potentially sensitive information and to cause a DoS (Denial of Service). For more information: SA38354 SA41245 SA41440 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0771-1: https://rhn.redhat.com/errata/RHSA-2010-0771.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 10:30:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 19:30:00 +0200 Subject: [SEC] [SA41801] PluXml Multiple Vulnerabilities Message-ID: <201010161730.o9GHU0mF021837@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PluXml Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41801 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41801/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41801 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41801/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41801/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41801 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in PluXml, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "content" POST parameter to core/admin/article.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. change an administrator's password by tricking an administrator into visiting a malicious web site while being logged-in to the application. NOTE: This vulnerability can further be exploited to execute arbitrary PHP code by passing PHP code via the "content" POST parameter to core/admin/statique.php. The vulnerabilities are confirmed in version 5.0.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: HTBridge Additional information provided by an anonymous person. ORIGINAL ADVISORY: HTB22631: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml.html HTB22632: http://www.htbridge.ch/advisory/xss_vulnerability_in_pluxml_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 11:29:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 20:29:34 +0200 Subject: [SEC] [SA41794] Oracle Enterprise Manager Grid Control Buffer Overflow Vulnerability Message-ID: <201010161829.o9GITYfk012122@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Oracle Enterprise Manager Grid Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41794 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41794/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41794 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41794/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41794/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41794 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Enterprise Manager Grid Control, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the "EM Console" component when processing HTTP requests, which can be exploited to cause a buffer overflow via an overly long HTTP request. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Nicolas Joly, Vupen ORIGINAL ADVISORY: Oracle: http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html Vupen: http://archives.neohapsis.com/archives/bugtraq/2010-10/0121.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 12:29:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 21:29:22 +0200 Subject: [SEC] [SA41826] IBM Tivoli Netcool/Webtop Tomcat Vulnerabilities Message-ID: <201010161929.o9GJTMCS002358@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM Tivoli Netcool/Webtop Tomcat Vulnerabilities SECUNIA ADVISORY ID: SA41826 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41826/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41826 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41826/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41826/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41826 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some vulnerabilities in IBM Tivoli Netcool/Webtop, which can be exploited by malicious users to disclose sensitive information or manipulate certain data and by malicious people to cause a DoS (Denial of Service) or disclose sensitive information. The vulnerabilities are caused by use of a vulnerable version of Apache Tomcat. For more information: SA35326 SOLUTION: Update to version 2.1.0 Fix Pack 10. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg27012048 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 13:29:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 22:29:18 +0200 Subject: [SEC] [SA41792] Debian update for postgresql-8.3 Message-ID: <201010162029.o9GKTIfW025091@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for postgresql-8.3 SECUNIA ADVISORY ID: SA41792 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41792/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41792 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41792/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41792/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41792 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for postgresql-8.3. This fixes a security issue, which can be exploited by malicious users to perform certain actions with escalated privileges. For more information: SA41692 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2120-1: http://www.us.debian.org/security/2010/dsa-2120 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 14:23:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 23:23:10 +0200 Subject: [SEC] [SA41745] Disk Pulse Server Buffer Overflow Vulnerability Message-ID: <201010162123.o9GLNAvo015109@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Disk Pulse Server Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41745 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41745/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41745 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41745/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41745/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41745 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Xsploited Security has discovered a vulnerability in Disk Pulse Server, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA41748 The vulnerability is confirmed in version 2.2.34. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Xsploited Security ORIGINAL ADVISORY: http://x-sploited.com/2010/10/12/poc-disk-pulse-server-v2-2-34-remote-buffer-overflow-exploit/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 14:44:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 16 Oct 2010 23:44:39 +0200 Subject: [SEC] [SA41760] Chipmunk Pwngame Multiple SQL Injection Vulnerabilities Message-ID: <201010162144.o9GLidfw003656@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Chipmunk Pwngame Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA41760 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41760/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41760 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41760/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41760/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41760 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Chipmunk Pwngame, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "username" POST parameter to authenticate.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can further be exploited to bypass the log-in mechanism. 2) Input passed via the "ID" parameter to pwn.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: KnocKout OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 15:14:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 00:14:31 +0200 Subject: [SEC] [SA41772] Joomla! Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201010162214.o9GMEVMM025108@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41772 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41772/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41772 RELEASE DATE: 2010-10-16 DISCUSS ADVISORY: http://secunia.com/advisories/41772/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41772/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41772 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website. The vulnerabilities are reported in versions prior to 1.5.21. SOLUTION: Update to version 1.5.21. PROVIDED AND/OR DISCOVERED BY: Aung Khant, YEHG ORIGINAL ADVISORY: Joomla!: http://developer.joomla.org/security/news/9-security/10-core-security/322-20101001-core-xss-vulnerabilities.html YEHG: http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.5.20%5D_cross_site_scripting%28XSS%29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 15:46:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 00:46:16 +0200 Subject: [SEC] [SA41741] Joomla! Community Builder Enhanced Component "tabname" Local File Inclusion Vulnerability Message-ID: <201010162246.o9GMkGAO014126@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Joomla! Community Builder Enhanced Component "tabname" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41741 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41741/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41741 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41741/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41741/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41741 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Community Builder Enhanced component for Joomla!, which can be exploited by malicious users to disclose sensitive information and to potentially compromise a vulnerable system. Input passed via the "tabname" parameter to index.php (when "option" is set to "com_cbe", "task" is set to "userProfile", "user" is set, and "ajaxdirekt" is set to "true") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. NOTE: This can further be exploited to execute arbitrary PHP code by e.g. uploading and including specially crafted image files. The vulnerability is reported in version 1.4.8, 1.4.9, and 1.4.10. Prior versions may also be affected. SOLUTION: Update to version 1.4.11. PROVIDED AND/OR DISCOVERED BY: Delf Tonder ORIGINAL ADVISORY: Joomla CBE: http://www.joomla-cbe.de/CBE-News/cbe-1411-behebt-kritischen-sicherheitsfehler.html Delf Tonder: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0112.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 16:12:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 01:12:07 +0200 Subject: [SEC] [SA41747] Fedora update for ghostscript Message-ID: <201010162312.o9GNC7fG002878@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for ghostscript SECUNIA ADVISORY ID: SA41747 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41747/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41747 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41747/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41747/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41747 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ghostscript. This fixes a security issue, which can be exploited malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA40452 SOLUTION: Apply updated packages via the yum utility ("yum update ghostscript"). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: FEDORA-2010-14640: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049164.html FEDORA-2010-14633: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049367.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 16:46:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 01:46:06 +0200 Subject: [SEC] [SA41753] SUSE update for acroread Message-ID: <201010162346.o9GNk6Vo024405@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SUSE update for acroread SECUNIA ADVISORY ID: SA41753 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41753/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41753 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41753/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41753/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41753 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a vulnerable system. For more information: SA41340 SA41435 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SA:2010:048: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 17:12:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 02:12:43 +0200 Subject: [SEC] [SA41737] FilterFTP Directory Traversal Vulnerability Message-ID: <201010170012.o9H0Chu6013207@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FilterFTP Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41737 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41737/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41737 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41737/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41737/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41737 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in FilterFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the file name. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in version 2.0.5. Other versions may also be affected. SOLUTION: Do not download files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22626: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_filterftp.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 17:44:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 02:44:41 +0200 Subject: [SEC] [SA41752] PHP-Fusion MG User-Fotoalbum Module "album_id" SQL Injection Vulnerability Message-ID: <201010170044.o9H0ifIa002189@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PHP-Fusion MG User-Fotoalbum Module "album_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41752 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41752/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41752 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41752/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41752/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41752 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the MG User-Fotoalbum module for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "album_id" parameter to infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php (when "album_user_id" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0.1. Other versions may also be affected. SOLUTION: Update to version 1.0.2. PROVIDED AND/OR DISCOVERED BY: Easy Laster ORIGINAL ADVISORY: http://phpfusion.marcusg.de/news.php?readmore=54 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 18:09:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 03:09:26 +0200 Subject: [SEC] [SA41765] Parallels Small Business Panel Two Cross-Site Scripting Vulnerabilities Message-ID: <201010170109.o9H19QLW023347@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Parallels Small Business Panel Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41765 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41765/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41765 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41765/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41765/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41765 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: David Hoyt has reported two vulnerabilities in Parallels Small Business Panel, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "category" parameter in smb/app/available/id/apscatalog and the "folder" parameter in smb/file/index/type/external is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 10.2.0. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. PROVIDED AND/OR DISCOVERED BY: David Hoyt ORIGINAL ADVISORY: http://cloudscan.blogspot.com/2010/09/cross-site-scripting-in-plesk-small.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 18:23:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 03:23:14 +0200 Subject: [SEC] [SA41715] Ubuntu update for postgresql Message-ID: <201010170123.o9H1NEMp011568@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for postgresql SECUNIA ADVISORY ID: SA41715 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41715/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41715 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41715/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41715/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41715 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to perform certain actions with escalated privileges. For more information: SA41692 SOLUTION: Apply updated packages which fix the security issue in PL/perl and PL/tcl (a fix for PL/PHP is reportedly in development). Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1002-1: http://www.ubuntu.com/usn/usn-1002-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 18:44:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 03:44:44 +0200 Subject: [SEC] [SA41731] Red Hat update for xpdf Message-ID: <201010170144.o9H1iiAS032515@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for xpdf SECUNIA ADVISORY ID: SA41731 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41731/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41731 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41731/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41731/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41731 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for xpdf. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system. For more information: SA41709 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0750-1: http://rhn.redhat.com/errata/RHSA-2010-0750.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 19:16:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 04:16:11 +0200 Subject: [SEC] [SA41710] Apache Qpid Denial of Service Vulnerabilities Message-ID: <201010170216.o9H2GBYq022031@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Apache Qpid Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41710 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41710/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41710 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41710/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41710/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41710 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apache Qpid, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). 1) An error when handling SSL connections can be exploited to prevent further connection attempts via an incomplete SSL handshake. This vulnerability is reported in Apache Qpid C++ broker & client version 0.5. Other versions may also be affected. 2) An error when processing invalid AMQP data can be exploited to cause a crash. 3) An NULL pointer dereference error exists when attempting to redeclare an existing exchange and add a new alternate exchange. This can be exploited by an authenticated user to cause a crash. SOLUTION: Update to version 0.6. PROVIDED AND/OR DISCOVERED BY: Reported as vulnerabilities in Red Hat bug reports. ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=632657 https://bugzilla.redhat.com/show_bug.cgi?id=642373 https://bugzilla.redhat.com/show_bug.cgi?id=642377 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 19:44:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 04:44:41 +0200 Subject: [SEC] [SA41734] Red Hat Enterprise MRG Messaging Broker Two Vulnerabilities Message-ID: <201010170244.o9H2ifDP009097@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat Enterprise MRG Messaging Broker Two Vulnerabilities SECUNIA ADVISORY ID: SA41734 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41734/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41734 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41734/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41734/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41734 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Red Hat Enterprise MRG, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). 1) A vulnerability in the MRG Messaging broker is caused due to insecure qpid code. For more information: SA41710 NOTE: This affects only SSL connections (not enabled by default). 2) An error in the MRG Messaging broker can be exploited to exhaust stack memory and cause the broker to crash by sending large persistent messages. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0756.html https://rhn.redhat.com/errata/RHSA-2010-0757.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 20:09:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 05:09:49 +0200 Subject: [SEC] [SA41733] Dupehunter Professional Insecure Library Loading Vulnerability Message-ID: <201010170309.o9H39nJw030221@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Dupehunter Professional Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41733 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41733/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41733 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41733/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41733/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41733 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Dupehunter Professional, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. Fwpuclnt.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Dupehunter Project (.DHJB) file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 9.0.0.3911. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/dupehunter-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 20:23:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 05:23:48 +0200 Subject: [SEC] [SA41705] RSA Authentication Client Secret Key Object Handling Security Issue Message-ID: <201010170323.o9H3Nmlo018428@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RSA Authentication Client Secret Key Object Handling Security Issue SECUNIA ADVISORY ID: SA41705 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41705/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41705 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41705/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41705/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41705 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in RSA Authentication Client, which can be exploited by malicious users to bypass certain security restrictions. For more information: SA41702 The security issue is reported in RSA Authentication Client 3.0 and 3.5.x versions for all platforms. SOLUTION: Update to version 3.5.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Graham Steele, LSV, INRIA & CNRS & ENS-Cachan, and Matteo Bortolozzo, Matteo Centenaro, and Riccardo Focardi, Universita Ca'Foscari. ORIGINAL ADVISORY: ESA-2010-018: http://archives.neohapsis.com/archives/bugtraq/2010-10/0032.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 20:44:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 05:44:49 +0200 Subject: [SEC] [SA41702] RSA Authentication Client Secret Key Object Handling Security Issue Message-ID: <201010170344.o9H3inXQ006969@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RSA Authentication Client Secret Key Object Handling Security Issue SECUNIA ADVISORY ID: SA41702 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41702/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41702 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41702/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41702/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41702 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in RSA Authentication Client, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to an error when storing secret key objects tagged as "sensitive" or "non-extractable", which can be exploited to extract seemingly secure objects from RSA SecurID 800 authenticators. The security issue is reported in RSA Authentication Client 2.0.x versions for all platforms. SOLUTION: Fixed in RSA Authentication Client 3.5.3. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Graham Steele, LSV, INRIA & CNRS & ENS-Cachan, and Matteo Bortolozzo, Matteo Centenaro, and Riccardo Focardi, Universita Ca'Foscari. ORIGINAL ADVISORY: ESA-2010-018: http://archives.neohapsis.com/archives/bugtraq/2010-10/0032.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 21:09:51 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 06:09:51 +0200 Subject: [SEC] [SA41696] Drupal Views Bulk Operations Module Security Bypass Message-ID: <201010170409.o9H49prW028092@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Drupal Views Bulk Operations Module Security Bypass SECUNIA ADVISORY ID: SA41696 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41696/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41696 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41696/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41696/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41696 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Views Bulk Operations module for Drupal, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an unspecified error, which can be exploited to delete the anonymous user (user 0). Successful exploitation requires access to a view where user management via Views Bulk Operations is enabled. The vulnerability is reported in versions prior to 6.x-1.10. SOLUTION: Update to version 6.x-1.10 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits: * Joonas Kiminki * Teemu Merikoski ORIGINAL ADVISORY: SA-CONTRIB-2010-099: http://drupal.org/node/933960 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 21:23:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 06:23:43 +0200 Subject: [SEC] [SA41735] HP Data Protector Denial of Service Vulnerability Message-ID: <201010170423.o9H4NhLi016315@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP Data Protector Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41735 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Pepelux has discovered a vulnerability in HP Data Protector, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL-pointer dereference error in OmniInet.exe and can be exploited to cause the process to crash via a specially crafted packet sent to e.g. TCP port 5555. The vulnerability is confirmed in version A.06.11.0000. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Pepelux ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2010-10/0040.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 21:44:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 06:44:52 +0200 Subject: [SEC] [SA41664] Red Hat update for freetype Message-ID: <201010170444.o9H4iqEk004839@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for freetype SECUNIA ADVISORY ID: SA41664 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41664/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41664 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41664/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41664/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41664 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA34723 SA40586 SA40816 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0737-1: http://rhn.redhat.com/errata/RHSA-2010-0737.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 16 22:09:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 07:09:29 +0200 Subject: [SEC] [SA41665] Red Hat update for freetype Message-ID: <201010170509.o9H59Tkf025955@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for freetype SECUNIA ADVISORY ID: SA41665 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41665/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41665 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41665/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41665/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41665 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA34723 SA40586 SA40816 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0736-1: http://rhn.redhat.com/errata/RHSA-2010-0736.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 10:29:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 19:29:43 +0200 Subject: [SEC] [SA41678] Ubuntu update for lvm2 Message-ID: <201010171729.o9HHThFN014485@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for lvm2 SECUNIA ADVISORY ID: SA41678 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41678/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41678 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41678/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41678/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41678 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for lvm2. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA40759 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: http://www.ubuntu.com/usn/usn-1001-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 11:29:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 20:29:25 +0200 Subject: [SEC] [SA41698] HP Data Protector Media Operations Denial of Service Vulnerability Message-ID: <201010171829.o9HITPlM004738@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP Data Protector Media Operations Denial of Service Vulnerability SECUNIA ADVISORY ID: SA41698 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41698/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41698 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41698/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41698/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41698 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in HP Data Protector Media Operations, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL-pointer dereference error in DBServer.exe and can be exploited to cause the process to crash via a specially crafted packet sent to e.g. TCP port 19813. The vulnerability is confirmed in version A.06.11.0000. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: d0lc3 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15214/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 12:29:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 21:29:12 +0200 Subject: [SEC] [SA41707] SUSE Update for Multiple Packages Message-ID: <201010171929.o9HJTCqC027431@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SUSE Update for Multiple Packages SECUNIA ADVISORY ID: SA41707 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41707/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41707 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41707/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41707/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41707 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, where some have an unknown impact, while others can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system. For more information: SA39573 SA39675 SA40268 SA40479 SA40664 SA40792 SA40952 SA41328 SA41354 SA41452 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:018: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 13:29:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 22:29:29 +0200 Subject: [SEC] [SA41694] NetBSD GLOB_LIMIT Resource Exhaustion Message-ID: <201010172029.o9HKTTPP017733@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: NetBSD GLOB_LIMIT Resource Exhaustion SECUNIA ADVISORY ID: SA41694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41694 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in NetBSD, which can be exploited by malicious users to cause a DoS (Denial of Service). The security issue is caused due to an insufficient GLOB_LIMIT implementation, which can be exploited to exhaust memory or cause a high CPU load via specially crafted patterns in commands passed to the ftpd or sftp server processes. SOLUTION: Fixed in the CVS repository. Please see the vendor advisory for details. PROVIDED AND/OR DISCOVERED BY: Maksymilian Arciemowicz ORIGINAL ADVISORY: NetBSD: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-008.txt.asc Maksymilian Arciemowicz: http://securityreason.com/achievement_securityalert/89 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 14:23:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 23:23:12 +0200 Subject: [SEC] [SA41595] Debian update for freetype Message-ID: <201010172123.o9HLNCau007746@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for freetype SECUNIA ADVISORY ID: SA41595 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41595/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41595 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41595/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41595/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41595 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information see vulnerability #2 in: SA40586 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA-2116-1: http://lists.debian.org/debian-security-announce/2010/msg00165.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 14:44:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 17 Oct 2010 23:44:46 +0200 Subject: [SEC] [SA41628] Elxis CMS Multiple Vulnerabilities Message-ID: <201010172144.o9HLikm8028701@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Elxis CMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41628 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41628/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41628 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41628/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41628/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41628 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Elxis CMS, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "search" POST parameter to administrator/index2.php (when "option" is set to "com_users") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "name" and "misc" (when "option" is set to "com_contact") and "title" (when "option" is set to "com_modules") POST parameters to administrator/index2.php is not properly sanitised before being used and returned to the user. This can be exploited to insert arbitrary HTML and script code, which will get executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via the "id" parameter to administrator/index2.php (when "option" is set to "com_content" and "task" is set to "edit") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 4) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. manipulate contact information in the administrative section by tricking an administrative user into visiting a malicious web site while being logged in to the application. NOTE: Vulnerabilities #2 and #3 can be used in conjunction with vulnerability #4. The vulnerabilities are confirmed in version 2009.2 rev2631. Prior versions may also be affected. SOLUTION: Apply vendor recommended patches and source code changes. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: HTBridge ORIGINAL ADVISORY: Elxis CMS: http://forum.elxis.org/index.php?topic=5144.msg35079#msg35079 http://forum.elxis.org/index.php?topic=5144.msg35080#msg35080 http://forum.elxis.org/index.php?topic=5144.msg35083#msg35083 http://forum.elxis.org/index.php?topic=5144.msg35082#msg35082 HTB22613: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_elxis_cms.html HTB22614: http://www.htbridge.ch/advisory/xss_vulnerability_in_elxis_cms.html HTB22615: http://www.htbridge.ch/advisory/xss_vulnerability_in_elxis_cms_contacts.html HTB22616: http://www.htbridge.ch/advisory/xss_vulnerability_in_elxis_cms_polls_module.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 15:13:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 00:13:34 +0200 Subject: [SEC] [SA41688] Red Hat update for postgresql and postgresql84 Message-ID: <201010172213.o9HMDYCr017677@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for postgresql and postgresql84 SECUNIA ADVISORY ID: SA41688 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41688/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41688 RELEASE DATE: 2010-10-17 DISCUSS ADVISORY: http://secunia.com/advisories/41688/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41688/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41688 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for postgresql and postgresql84. This fixes a security issue, which can be exploited by malicious users to perform certain actions with escalated privileges. For more information: SA41692 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0742-1: http://rhn.redhat.com/errata/RHSA-2010-0742.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 15:46:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 00:46:37 +0200 Subject: [SEC] [SA41611] Ubuntu update for krb5 Message-ID: <201010172246.o9HMkbI9006753@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA41611 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41611/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41611 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41611/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41611/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41611 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA41684 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-999-1: http://www.ubuntu.com/usn/usn-999-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 16:12:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 01:12:00 +0200 Subject: [SEC] [SA41690] Red Hat update for acroread Message-ID: <201010172312.o9HNC0uX027883@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA41690 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41690/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41690 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41690/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41690/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41690 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to compromise a user's system. For more information: SA41340 SA41435 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0743-1: https://rhn.redhat.com/errata/RHSA-2010-0743.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 16:46:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 01:46:35 +0200 Subject: [SEC] [SA41736] Red Hat update for kernel-rt Message-ID: <201010172346.o9HNkZkb017023@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for kernel-rt SECUNIA ADVISORY ID: SA41736 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41736/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41736 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41736/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41736/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41736 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel-rt. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information or gain escalated privileges. For more information: SA41284 SA41462 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: https://rhn.redhat.com/errata/RHSA-2010-0758.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 17:12:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 02:12:23 +0200 Subject: [SEC] [SA41672] SquirrelMail Virtual Keyboard Plugin "passformname" Cross-Site Scripting Message-ID: <201010180012.o9I0CNZM005777@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SquirrelMail Virtual Keyboard Plugin "passformname" Cross-Site Scripting SECUNIA ADVISORY ID: SA41672 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41672/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41672 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41672/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41672/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41672 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Moritz Naumann has discovered a vulnerability in the Virtual Keyboard plugin for SquirrelMail, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "passformname" parameter in plugins/vkeyboard/vkeyboard.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 0.9.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Moritz Naumann ORIGINAL ADVISORY: Moritz Naumann: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0046.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 17:44:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 02:44:18 +0200 Subject: [SEC] [SA41646] Gentoo update for libpng Message-ID: <201010180044.o9I0iIbV027203@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Gentoo update for libpng SECUNIA ADVISORY ID: SA41646 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41646/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41646 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41646/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41646/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41646 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for libpng. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA38774 SA40302 SOLUTION: Update to version "media-libs/libpng-1.4.3" or later. ORIGINAL ADVISORY: GLSA 201010-01: http://www.gentoo.org/security/en/glsa/glsa-201010-01.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 18:09:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 03:09:42 +0200 Subject: [SEC] [SA41684] Kerberos KDC Authorization Data Array Indexing Vulnerability Message-ID: <201010180109.o9I19gil015927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Kerberos KDC Authorization Data Array Indexing Vulnerability SECUNIA ADVISORY ID: SA41684 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41684/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41684 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41684/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41684/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41684 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerability is caused due an array-indexing error within the "merge_authdata()" function (kdc_authdata.c) when processing authorization data from Kerberos TGS request messages. This can be exploited to dereference an uninitialized pointer causing the KDC process to crash. The vulnerability is reported in versions krb5-1.8 through krb5-1.8.3. SOLUTION: Apply patch or update to version krb5-1.8.4 when it becomes available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Mike Roszkowski. ORIGINAL ADVISORY: MITKRB5-SA-2010-006: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 18:23:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 03:23:58 +0200 Subject: [SEC] [SA41559] FAQMasterFlex Multiple SQL Injection Vulnerabilities Message-ID: <201010180123.o9I1NwN1004144@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FAQMasterFlex Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA41559 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41559/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41559 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41559/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41559/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41559 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in FAQMasterFlex, which can be exploited by malicious users and by malicious people to conduct SQL injection attacks. Input passed via the "category_id" parameter to faq.php and "category" to faq_admin.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.2. Prior versions may also be affected. SOLUTION: Use another product. PROVIDED AND/OR DISCOVERED BY: cyb3r.anbu and an anonymous person OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 18:44:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 03:44:18 +0200 Subject: [SEC] [SA41692] PostgreSQL External Procedural Languages Privilege Escalation Message-ID: <201010180144.o9I1iInS025045@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PostgreSQL External Procedural Languages Privilege Escalation SECUNIA ADVISORY ID: SA41692 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41692/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41692 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41692/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41692/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41692 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in PostgreSQL, which can be exploited by malicious users to perform certain actions with escalated privileges. The security issue is caused due to an error in the application when executing a function in the same session as another user. This can be exploited to execute arbitrary SQL code with the privileges of that user. Successful exploitation requires that the functions and procedures of the external procedural languages use SECURITY DEFINER functions, SET ROLE, or SET SESSION AUTHORIZATION. SOLUTION: Update to version 9.0.1, 8.4.5, 8.3.12, 8.2.18, 8.1.22, 8.0.26, or 7.4.30, which fix the security issue in PL/perl and PL/tcl (a fix for PL/PHP is reportedly in development). PROVIDED AND/OR DISCOVERED BY: The vendor credits Tim Bunce. ORIGINAL ADVISORY: http://www.postgresql.org/about/news.1244 http://wiki.postgresql.org/wiki/20101005securityrelease OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 19:18:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 04:18:33 +0200 Subject: [SEC] [SA41697] HP Tru64 UNIX NTP Mode 7 Request Denial of Service Message-ID: <201010180218.o9I2IXak014670@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP Tru64 UNIX NTP Mode 7 Request Denial of Service SECUNIA ADVISORY ID: SA41697 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41697/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41697 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41697/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41697/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41697 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged a vulnerability in HP Tru64 UNIX, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA37629 The vulnerability is reported in Tru64 UNIX v 5.1B-5 (BL28) and Tru64 UNIX v 5.1B-4 (BL27) running NTP. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: HPSBTU02496 SSRT090245: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01961950 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Oct 17 19:44:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 04:44:33 +0200 Subject: [SEC] [SA41723] Dovecot ACL Handling Security Issue Message-ID: <201010180244.o9I2iXRZ003408@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Dovecot ACL Handling Security Issue SECUNIA ADVISORY ID: SA41723 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41723/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41723 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41723/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41723/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41723 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Dovecot, which can be exploited by malicious users to bypass certain security restrictions. An error exists in the ACL plugin when handling multiple ACL entries of the same identifier type, which can result in certain rights not being properly enforced. The security issue is reported in versions 1.2.8 through 1.2.14 and 2.0 through 2.0.4. SOLUTION: Update to version 1.2.15 or 2.0.5. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.dovecot.org/list/dovecot/2010-October/053451.html http://www.dovecot.org/list/dovecot/2010-October/053450.html http://www.dovecot.org/list/dovecot/2010-October/053452.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 10:29:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 19:29:52 +0200 Subject: [SEC] [SA41849] RealWin Packet Processing Buffer Overflow Vulnerabilities Message-ID: <201010181729.o9IHTqEm030905@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RealWin Packet Processing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA41849 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41849/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41849 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41849/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41849/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41849 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in RealWin, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. 1) A boundary error when processing "SCPC_INITIALIZE" and "SCPC_INITIALIZE_RF" packets can be exploited to cause a stack-based buffer overflow by e.g. sending specially crafted packets to port 912/TCP. 2) A boundary error when processing the "SCPC_TXTEVENT" packets can be exploited to cause a stack-based buffer overflow by e.g. sending a specially crafted packet to port 912/TCP. The vulnerabilities are confirmed in RealWin 2.1 Build 6.1.8.10. Other versions may also be affected. SOLUTION: Restrict network access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/realwin_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 11:29:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 20:29:36 +0200 Subject: [SEC] [SA41852] CrossFTP Directory Traversal Vulnerability Message-ID: <201010181829.o9IITaRL021173@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: CrossFTP Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41852 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41852/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41852 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41852/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41852/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41852 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in CrossFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system. Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server. The vulnerability is confirmed in CrossFTP Pro version 1.65a. Other versions may also be affected. SOLUTION: Do not download from untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_crossftp_pro.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 12:29:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 21:29:54 +0200 Subject: [SEC] [SA41855] Aasync Filename Parsing Buffer Overflow Vulnerability Message-ID: <201010181929.o9IJTslR011477@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Aasync Filename Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41855 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41855/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41855 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41855/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41855/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41855 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Aasync, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing a file name and can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted LIST response. Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into downloading from a malicious FTP server. The vulnerability is confirmed in version 2.2.1.0. Other versions may also be affected. SOLUTION: Upgrade to version 3.5.1.4. PROVIDED AND/OR DISCOVERED BY: corelanc0d3r ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 13:29:52 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 22:29:52 +0200 Subject: [SEC] [SA41902] Ease Jukebox Insecure Library Loading Vulnerability Message-ID: <201010182029.o9IKTqZt001711@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ease Jukebox Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41902 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41902/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41902 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41902/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41902/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41902 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Ease Jukebox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wmaudsdk.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a MP3 or WAV file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that the application is configured to be associated with MP3 and WAV files via the "Option" menu. The vulnerability is confirmed in version 1.40. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 14:23:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 23:23:11 +0200 Subject: [SEC] [SA41854] 32bit FTP Client Filename Parsing Buffer Overflow Vulnerability Message-ID: <201010182123.o9ILNBpt024153@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: 32bit FTP Client Filename Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41854 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41854/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41854 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41854/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41854/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41854 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in 32bit FTP Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when parsing a file name and can be exploited to cause a stack-based buffer overflow via an overly long, specially crafted LIST response. Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into downloading from a malicious FTP server. The vulnerability is confirmed in version 10.08.01. Other versions may also be affected. SOLUTION: Update to version 10.10.14. PROVIDED AND/OR DISCOVERED BY: fancy ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 14:44:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 18 Oct 2010 23:44:11 +0200 Subject: [SEC] [SA41884] Sun Solaris Apache HTTP Server Multiple Vulnerabilities Message-ID: <201010182144.o9ILiB2J012669@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Sun Solaris Apache HTTP Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41884 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41884/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41884 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41884/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41884/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41884 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious, local users to bypass certain security restrictions, by malicious users and malicious people to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information, bypass certain security restrictions, and manipulate certain data. For more information: SA34827 SA35261 SA35691 SA35781 SA36549 SA36675 SA37291 SA38776 SA40206 SOLUTION: Restrict access to trusted users only. ORIGINAL ADVISORY: http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 15:13:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 00:13:57 +0200 Subject: [SEC] [SA41903] PCDJ Karaoki Insecure Executable Loading Vulnerability Message-ID: <201010182213.o9IMDvsm001646@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PCDJ Karaoki Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41903 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41903/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41903 RELEASE DATE: 2010-10-18 DISCUSS ADVISORY: http://secunia.com/advisories/41903/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41903/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41903 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PCDJ Karaoki, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading "saMon2.exe" in an insecure manner using ShellExecute() and can be exploited by tricking a user into e.g. opening a M3U file located on a remote SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is confirmed in version 0.6.3819. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 15:46:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 00:46:26 +0200 Subject: [SEC] [SA41860] FTP Synchronizer FTP Response Processing Vulnerability Message-ID: <201010182246.o9IMkQDc023134@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FTP Synchronizer FTP Response Processing Vulnerability SECUNIA ADVISORY ID: SA41860 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41860/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41860 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41860/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41860/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41860 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTP Synchronizer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing FTP server responses and can be exploited to cause a buffer overflow via an overly long, specially crafted LIST response. Successful exploitation allows execution of arbitrary code, but requires that a user connects to and e.g. "Previews" a specially crafted FTP server. The vulnerability is confirmed in FTP Synchronizer Professional version 4.0.73.274. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: myne-us ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 16:12:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 01:12:12 +0200 Subject: [SEC] [SA41882] IBM Java Multiple Vulnerabilities Message-ID: <201010182312.o9INCCtt011896@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41882 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41882/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41882 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41882/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41882/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41882 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some vulnerabilities in IBM Java, which can be exploited by malicious people to disclose potentially sensitive information and manipulate certain data and compromise a vulnerable system. For more information: SA41791 SOLUTION: Update to versions 5.0.0 SR12 FP2, 6.0.0 SR9, or 1.4.2 SR13 FP6 / FP7 when available. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg1PM24510 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86645 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86644 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24483 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86635 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86642 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86595 http://www-01.ibm.com/support/docview.wss?uid=swg1PM24451 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86568 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ86590 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 16:44:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 01:44:24 +0200 Subject: [SEC] [SA41858] FTPPad Server Response Buffer Overflow Vulnerability Message-ID: <201010182344.o9INiO43000868@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FTPPad Server Response Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41858 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41858/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41858 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41858/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41858/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41858 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in FTPPad, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing FTP server responses and can be exploited to cause a buffer overflow via an overly long, specially crafted LIST response. Successful exploitation allows execution of arbitrary code, but requires that the user is tricked into connecting to a malicious FTP server. The vulnerability is confirmed in version 1.2.0. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: corelanc0d3r ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 17:12:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 02:12:06 +0200 Subject: [SEC] [SA41874] Windows Server 2008 Color Control Panel Insecure Library Loading Vulnerability Message-ID: <201010190012.o9J0C6nT022161@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Windows Server 2008 Color Control Panel Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41874 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41874/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41874 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41874/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41874/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41874 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows Server 2008, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Color Control Panel library (colorui.dll) used by the Color Control Panel application (colorcpl.exe) loading libraries (e.g. sti.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening CAMP, CDMP, GMMP, or ICC Profile (.icm and .icc) files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in a fully patched version of Windows Server 2008 Enterprise SP2 including colorui.dll version 6.0.6001.18000. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: shinnai ORIGINAL ADVISORY: http://shinnai.altervista.org/exploits/SH-006-20100914.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 17:44:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 02:44:35 +0200 Subject: [SEC] [SA41867] Rocket U2 UniData Multiple Denial of Service Vulnerabilities Message-ID: <201010190044.o9J0iZUn011193@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Rocket U2 UniData Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41867 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41867/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41867 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41867/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41867/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41867 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in Rocket U2 UniData, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the "uvrpc_read_message()" function (unirpc32.dll) when processing packets can be exploited to reference unallocated memory and crash the unirpcd.exe process. 2) An integer overflow error in the "uvrpc_unpack_args()" function (unirpc32.dll) when processing packets can be exploited to reference an unallocated memory region and crash the unirpcd.exe process. 3) An input validation error in the "uvrpc_unpack_args()" function (unirpc32.dll) when processing packets can be exploited to reference an unallocated memory region and crash the unirpcd.exe process. 4) An input validation error when processing packets can be exploited to reference an unallocated memory region and crash the unirpcd.exe process. The vulnerabilities are confirmed in version 7.2.7 Build 3806. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.org/adv/unirpcd_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 18:09:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 03:09:37 +0200 Subject: [SEC] [SA41889] Fujitsu Interstage Products Directory Traversal Vulnerability Message-ID: <201010190109.o9J19bO1032304@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA41889 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41889/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41889 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41889/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41889/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41889 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fujitsu has acknowledged a vulnerability in Interstage products, which can be exploited by malicious people to disclose potentially sensitive information. For more information see vulnerability #3: SA31379 Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Apply patches (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201003e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 18:23:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 03:23:20 +0200 Subject: [SEC] [SA41873] IBM solidDB Multiple Denial of Service Vulnerabilities Message-ID: <201010190123.o9J1NKgY020503@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM solidDB Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41873 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41873/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41873 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41873/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41873/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41873 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in IBM solidDB, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in solid.exe when processing certain fields within a packet can be exploited to cause a loop within a recursive function and crash the process. 2) A NULL-pointer dereference error in solid.exe can be exploited to cause the process to crash via a specially crafted packet. 3) An error in solid.exe when processing certain fields within a packet can be exploited to reference an unallocated memory region and crash the process. The vulnerabilities are confirmed in version 6.5.0 Fix Pack 3 (6.5.0.3 Build 2010-10-04). Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/soliddb_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 18:44:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 03:44:53 +0200 Subject: [SEC] [SA41743] RealPlayer Enterprise Multiple Vulnerabilities Message-ID: <201010190144.o9J1irWb009052@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: RealPlayer Enterprise Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41743 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41743/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41743 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41743/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41743/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41743 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer Enterprise, which can be exploited by malicious people to compromise a user's system. For more information see vulnerabilities #6, #7, #8, #10: SA41096 SOLUTION: Update to version 2.1.3. ORIGINAL ADVISORY: RealNetworks: http://service.real.com/realplayer/security/10152010_player/en/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 19:17:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 04:17:26 +0200 Subject: [SEC] [SA41896] SUSE update for kernel Message-ID: <201010190217.o9J2HQ1k030993@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA41896 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41896/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41896 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41896/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41896/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41896 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA41493 SA41693 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: SUSE-SA:2010:051: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 19:43:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 04:43:24 +0200 Subject: [SEC] [SA41887] Blue Coat ProxySG JavaScript Detection Bypass Message-ID: <201010190243.o9J2hObF019755@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Blue Coat ProxySG JavaScript Detection Bypass SECUNIA ADVISORY ID: SA41887 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41887/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41887 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41887/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41887/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41887 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Blue Coat ProxySG, which can be exploited by malicious people to bypass certain security restrictions. The problem is caused due to the Active Content Transformation or Removal feature not detecting JavaScript when encoded using hex and UTF-8 entities. This can be exploited to bypass configured policy rules that detect and remove active content. SOLUTION: Apply fixes when available. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Blue Coat: https://kb.bluecoat.com/index?page=content&id=SA48 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 18 19:55:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 04:55:15 +0200 Subject: [SEC] [SA41816] Kisisel Radyo Script Two Vulnerabilities Message-ID: <201010190255.o9J2tFRL007862@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Kisisel Radyo Script Two Vulnerabilities SECUNIA ADVISORY ID: SA41816 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41816/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41816 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41816/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41816/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41816 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Kisisel Radyo Script, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks. 1) The "sevvo/eco23.mdb" database file is stored with insecure permissions inside the web root, which can be exploited to gain knowledge of sensitive information by downloading the file. 2) Input passed via the "Id" parameter to radyo.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Place the database file outside the web root. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: FuRty OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 10:30:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 19:30:05 +0200 Subject: [SEC] [SA41810] VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability Message-ID: <201010191730.o9JHU580002438@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: VLC Media Player Mozilla VLC Multimedia Plug-in Vulnerability SECUNIA ADVISORY ID: SA41810 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41810/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41810 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41810/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41810/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41810 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: shinnai has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error within the "VLC Multimedia Plug-in" for Mozilla, which can be exploited to potentially execute arbitrary code by tricking a user into opening a specially crafted website in a browser using this plugin. Successful exploitation requires that the "VLC Multimedia Plug-in" for Mozilla is installed (not installed by default). The vulnerability is confirmed in version 1.1.4. Other versions may also be affected. SOLUTION: Do not use the plugin. PROVIDED AND/OR DISCOVERED BY: shinnai ORIGINAL ADVISORY: http://shinnai.altervista.org/exploits/SH-007-20101019.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 11:29:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 20:29:08 +0200 Subject: [SEC] [SA41914] IBM Informix Dynamic Server "DBINFO" Buffer Overflow Vulnerability Message-ID: <201010191829.o9JIT8UX025107@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM Informix Dynamic Server "DBINFO" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41914 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41914/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41914 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41914/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41914/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41914 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing an SQL query using the "DBINFO" keyword and can be exploited to cause a stack-based buffer overflow. SOLUTION: Update to versions 10.00.xC10, 11.10.xC3, or 11.50.xC3 or contact the customer support for a special build. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-217/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 12:29:33 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 21:29:33 +0200 Subject: [SEC] [SA41915] IBM Informix Dynamic Server "librpc.dll" Integer Overflow Vulnerability Message-ID: <201010191929.o9JJTXPH015410@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM Informix Dynamic Server "librpc.dll" Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA41915 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41915/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41915 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41915/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41915/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41915 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow in librpc.dll and can be exploited to cause a heap-based buffer overflow via a specially crafted RPC packet sent to TCP port 36890. The vulnerability is reported in versions prior to 7.31.xD11, 9.40.xC10, 10.00.xC8, and 11.10.xC2. SOLUTION: Update to versions 7.31.xD11, 9.40.xC10, 10.00.xC8, or 11.10.xC2 or later. PROVIDED AND/OR DISCOVERED BY: Sebastian Apelt via ZDI ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-215/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 13:29:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 22:29:29 +0200 Subject: [SEC] [SA41883] Red Hat update for cobbler Message-ID: <201010192029.o9JKTTNL005698@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for cobbler SECUNIA ADVISORY ID: SA41883 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41883/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41883 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41883/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41883/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41883 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cobbler. This fixes a vulnerability, which can be exploited by malicious users to gain escalated privileges. The vulnerability is caused due to an error when processing kickstart template files and can be exploited to execute arbitrary Python code as a root user when Cheetah processes the files. Successful exploitation requires "Configuration Administrator" role privileges. This may be related to: SA32737 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Doug Knight, University of Alaska. ORIGINAL ADVISORY: RHSA-2010:0775-1: https://rhn.redhat.com/errata/RHSA-2010-0775.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 14:23:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 23:23:39 +0200 Subject: [SEC] [SA41880] Fedora update for postgresql Message-ID: <201010192123.o9JLNd8C028124@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for postgresql SECUNIA ADVISORY ID: SA41880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41880 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for postgresql. This fixes a security issue, which can be exploited by malicious users to perform certain actions with escalated privileges. For more information: SA41692 SOLUTION: Apply updated packages using the yum utility ("yum update postgresql"). ORIGINAL ADVISORY: FEDORA-2010-15954: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049591.html FEDORA-2010-15960: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049592.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 14:44:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 19 Oct 2010 23:44:39 +0200 Subject: [SEC] [SA41871] Fedora update for webkitgtk Message-ID: <201010192144.o9JLidk9016638@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for webkitgtk SECUNIA ADVISORY ID: SA41871 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41871/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41871 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41871/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41871/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41871 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for webkitgtk. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing attacks, and compromise an application using the library. For more information: SA41014 SA41085 SA41328 SA41242 SOLUTION: Apply updated packages using the yum utility ("yum update webkitgtk"). ORIGINAL ADVISORY: FEDORA-2010-15982: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049544.html FEDORA-2010-15957: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049604.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 15:13:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 00:13:29 +0200 Subject: [SEC] [SA41879] Free 3GP Video Converter Insecure Library Loading Vulnerability Message-ID: <201010192213.o9JMDTX0005620@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Free 3GP Video Converter Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41879 RELEASE DATE: 2010-10-19 DISCUSS ADVISORY: http://secunia.com/advisories/41879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Free 3GP Video Converter, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application bundling a vulnerable version of the avcodec-52.dll library, which loads libraries (e.g. quserex.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a AVI file located on a remote WebDAV or SMB share Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is confirmed in version 3.7.15. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Crazy_Hacker ORIGINAL ADVISORY: http://www.exploit-db.com/dll-hijacking-vulnerable-applications/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 15:46:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 00:46:12 +0200 Subject: [SEC] [SA41910] Cool iPhone Ringtone Maker Insecure Library Loading Vulnerability Message-ID: <201010192246.o9JMkCoc027074@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Cool iPhone Ringtone Maker Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41910 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41910/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41910 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41910/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41910/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41910 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Cool iPhone Ringtone Maker, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a MP3 file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is confirmed in version 2.2.3. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/cooliphoneringtone-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 16:12:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 01:12:07 +0200 Subject: [SEC] [SA41864] Fedora update for freetype Message-ID: <201010192312.o9JNC7YT015823@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for freetype SECUNIA ADVISORY ID: SA41864 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41864/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41864 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41864/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41864/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41864 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA40586 SA40816 SOLUTION: Apply updated packages using the yum utility ("yum update freetype"). ORIGINAL ADVISORY: FEDORA-2010-15705: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049605.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 16:46:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 01:46:58 +0200 Subject: [SEC] [SA41886] Fedora update for java-1.6.0-openjdk Message-ID: <201010192346.o9JNkw6V004970@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA41886 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41886/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41886 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41886/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41886/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41886 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for java-1.6.0-openjdk. This fixed multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Apply updated packages via the yum utility ("yum update java-1.6.0-openjdk"). ORIGINAL ADVISORY: FEDORA-2010-16294: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 17:12:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 02:12:22 +0200 Subject: [SEC] [SA41907] Phoenix Project Manager Insecure Library Loading Vulnerability Message-ID: <201010200012.o9K0CMk3026104@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Phoenix Project Manager Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41907 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Phoenix Project Manager, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wbtrv32.dll and w3btrv7.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PPX file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 2.1.0.8. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: anT!-Tr0J4n ORIGINAL ADVISORY: http://packetstormsecurity.org/1010-exploits/phoenix-dllhijack.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 17:45:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 02:45:17 +0200 Subject: [SEC] [SA41878] Fedora update for php-pear-CAS Message-ID: <201010200045.o9K0jHsk015173@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for php-pear-CAS SECUNIA ADVISORY ID: SA41878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41878 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for php-pear-CAS. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges and disclose sensitive information and by malicious people to conduct cross-site scripting attacks. For more information: SA41655 SOLUTION: Apply updated packages using the yum utility ("yum update php-pear-CAS"). ORIGINAL ADVISORY: FEDORA-2010-15970: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049602.html FEDORA-2010-15943: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 18:22:09 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 03:22:09 +0200 Subject: [SEC] [SA41913] IBM Informix Dynamic Server "oninit.exe" Buffer Overflow Vulnerability Message-ID: <201010200122.o9K1M9MH023904@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: IBM Informix Dynamic Server "oninit.exe" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41913 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41913/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41913 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41913/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41913/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41913 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Informix Dynamic Server, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the logging function in oninit.exe and can be exploited to cause a stack-based buffer overflow by sending a specially crafted request to TCP ports 9088 or 1526. The vulnerability is reported in IBM Informix Dynamic Server versions prior to 11.50.xC1 and 11.10.xC2W2. SOLUTION: Update to version 11.50.xC1 or 11.10.xC2W2. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-216/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 18:22:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 03:22:07 +0200 Subject: [SEC] [SA41870] Adobe RoboHelp Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201010200122.o9K1M7gG023870@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Adobe RoboHelp Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41870 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41870/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41870 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41870/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41870/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41870 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Adobe RoboHelp, which can be exploited by malicious people to conduct cross-site scripting vulnerabilities. 1) Certain unspecified input passed to RoboHelp for Word while generating WebHelp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in Adobe RoboHelp version 8, Adobe RoboHelp version 7, Adobe RoboHelp Server version 8, and Adobe RoboHelp Server version 7. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits David Damstra, CU*Answers. 2) The vendor credits James Jardine, Jardine Software Inc. ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb10-23.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 18:44:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 03:44:53 +0200 Subject: [SEC] [SA41738] FreeType "ft_var_readpackedpoints()" Buffer Overflow Vulnerability Message-ID: <201010200144.o9K1irqK012993@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FreeType "ft_var_readpackedpoints()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41738 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41738/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41738 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41738/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41738/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41738 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FreeType, which can be exploited to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerability is caused due to an error in the "ft_var_readpackedpoints()" function in src/truetype/ttgxvar.c when processing TrueType GX fonts. This can be exploited to cause a heap-based buffer overflow via a specially crafted font. The vulnerability is reported in version 2.4.3. Other versions may also be affected. SOLUTION: Fixed in the Git repository. PROVIDED AND/OR DISCOVERED BY: Anonymous person via a FreeType bug report. ORIGINAL ADVISORY: https://savannah.nongnu.org/bugs/index.php?31310 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=59eb9f8cfe7d1df379a2318316d1f04f80fba54a OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 19:18:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 04:18:11 +0200 Subject: [SEC] [SA41811] Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities Message-ID: <201010200218.o9K2IB8H002564@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Apache HTTP Server APR-util Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41811 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41811/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41811 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41811/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41811/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41811 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerabilities are caused due to application using vulnerable APR-utils code. For more information: SA41701 SOLUTION: Update to version 2.2.17. ORIGINAL ADVISORY: http://www.apache.org/dist/httpd/Announcement2.2.html http://www.apache.org/dist/httpd/CHANGES_2.2.17 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 19:43:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 04:43:34 +0200 Subject: [SEC] [SA41885] Fedora update for poppler Message-ID: <201010200243.o9K2hYwO023722@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Fedora update for poppler SECUNIA ADVISORY ID: SA41885 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41885/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41885 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41885/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41885/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41885 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for poppler. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA41596 SOLUTION: Apply updated packages using the yum utility ("yum update poppler"). ORIGINAL ADVISORY: FEDORA-2010-15981: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049545.html FEDORA-2010-15911: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049523.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 19 19:55:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 04:55:37 +0200 Subject: [SEC] [SA41795] GNU C Library Dynamic Linker "$ORIGIN" Expansion Weakness Message-ID: <201010200255.o9K2tbM0011844@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: GNU C Library Dynamic Linker "$ORIGIN" Expansion Weakness SECUNIA ADVISORY ID: SA41795 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41795/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41795 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41795/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41795/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41795 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Tavis Ormandy has reported a weakness in the GNU C Library, which can be exploited by malicious, local users to gain escalated privileges. The weakness is caused due to dynamic linker expanding the "$ORIGIN" substitution for privileged applications, which can be exploited to gain escalated privileges by e.g. hard linking to a setuid application and forcing the expansion of "$ORIGIN" via "LD_AUDIT". SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy ORIGINAL ADVISORY: Tavis Ormandy: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0258.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 10:28:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 19:28:42 +0200 Subject: [SEC] [SA41891] TIBCO ActiveMatrix Products JMX Connections Code Execution Vulnerability Message-ID: <201010201728.o9KHSgHu023846@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: TIBCO ActiveMatrix Products JMX Connections Code Execution Vulnerability SECUNIA ADVISORY ID: SA41891 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41891/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41891 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41891/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41891/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41891 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in TIBCO ActiveMatrix products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error in the "TIBCO ActiveMatrix Runtime" and "TIBCO ActiveMatrix Administrator" components when handing JMX connections, which can be exploited to execute arbitrary code. The vulnerability is reported in the following products: * TIBCO ActiveMatrix Service Grid versions prior to 2.3.1 * TIBCO ActiveMatrix Service Bus versions prior to 2.3.1 * TIBCO ActiveMatrix BusinessWorks Service Engine versions prior to 5.8.1 * TIBCO ActiveMatrix Service Performance Manager versions prior to 1.3.2 SOLUTION: Update to the latest version. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.tibco.com/services/support/advisories/activematrix-advisory_20101019.jsp http://www.tibco.com/multimedia/activematrix_advisory_tcm8-12488.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 11:28:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 20:28:20 +0200 Subject: [SEC] [SA41918] DeluxeBB "xthedateformat" SQL Injection Vulnerability Message-ID: <201010201828.o9KISKu8014111@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: DeluxeBB "xthedateformat" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41918 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41918/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41918 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41918/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41918/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41918 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in DeluxeBB, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "xthedateformat" parameter to misc.php (when "sub" is set to "register") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.3. Other versions may also be affected. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22641: http://www.htbridge.ch/advisory/sql_injection_in_deluxebb.html DeluxeBB: http://www.deluxebb.com/community/topic.php?tid=993 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 12:28:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 21:28:27 +0200 Subject: [SEC] [SA41921] Explzh Insecure Executable Loading Vulnerability Message-ID: <201010201928.o9KJSR96004377@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Explzh Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41921 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41921/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41921 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41921/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41921/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41921 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Explzh, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading an executable file in an insecure manner and can be exploited by tricking a user into e.g. opening a ZIP or LZH file located on a remote SMB share. Successful exploitation may allow execution of arbitrary code, but requires that the application during installation was configured to be associated with e.g. ZIP or LZH files (non-default option). The vulnerability is reported in versions prior to 5.68. SOLUTION: Update to version 5.68. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: http://www.ponsoftware.com/archiver/explzh/explzh.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 13:28:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 22:28:46 +0200 Subject: [SEC] [SA41881] Ubuntu update for kernel Message-ID: <201010202028.o9KKSkCu027075@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for kernel SECUNIA ADVISORY ID: SA41881 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41881/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41881 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41881/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41881/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41881 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for the kernel. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to disclose system and potentially sensitive information, conduct spoofing attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges, and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA37590 SA38499 SA39490 SA39982 SA40205 SA40691 SA40965 SA41234 SA41245 SA41263 SA41284 SA41378 SA41493 SA41650 SA41693 1) Errors within the implementation of the External Data Representation (XDR) for NFSv4 can be exploited to cause a kernel panic and potentially execute arbitrary code by sending specially crafted compound requests to the NFSv4 server. 2) An error within the GFS2 file system when handing certain rename operations can be exploited to cause a kernel crash. 3) An error within the SCTP implementation can be exploited to cause a crash by sending specially crafted network traffic. 4) An error within the SCTP implementation when handling HMAC calculations can be exploited to cause a crash by sending specially crafted network traffic. 5) An error within the RDS implementation can be exploited to execute arbitrary code with kernel privileges. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Neil Brown 2) Bob Peterson 3) Thomas Dreibholz 4, 5) Dan Rosenberg ORIGINAL ADVISORY: USN-1000-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-October/001181.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 14:22:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 23:22:13 +0200 Subject: [SEC] [SA41817] sNews Cross-Site Request Forgery Vulnerability Message-ID: <201010202122.o9KLMDpE017047@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: sNews Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41817 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41817/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41817 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41817/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41817/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41817 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in sNews, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without properly validating the requests. This can be exploited to e.g. change the administrator's username and password by tricking a logged-in administrator into visiting a malicious web site. NOTE: This can further be exploited to conduct script insertion attacks. The vulnerability is confirmed in version 1.7. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: HTBridge Additional information provided by Secunia Research. ORIGINAL ADVISORY: HTB22637: http://www.htbridge.ch/advisory/xss_vulnerability_in_snews.html HTB22638: http://www.htbridge.ch/advisory/xss_vulnerability_in_snews_1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 14:43:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 23:43:12 +0200 Subject: [SEC] [SA41901] HP AssetCenter / AssetManager Cross-Site Scripting Vulnerability Message-ID: <201010202143.o9KLhCvu005560@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP AssetCenter / AssetManager Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41901 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41901/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41901 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41901/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41901/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41901 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP AssetCenter and AssetManager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in the following products: * AssetCenter 5.0x version AC_5.03 and earlier for AIX, Linux, Solaris and Windows. * AssetManager 5.1x version AM_5.12 and earlier for AIX, HP-UX, Linux, Solaris and Windows. * AssetManager 5.2x version AM_5.22 and earlier for AIX, HP-UX, Linux, Solaris and Windows. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02596 SSRT100271: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02535850 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 14:57:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 20 Oct 2010 23:57:23 +0200 Subject: [SEC] [SA41908] HP Systems Insight Manager Multiple Vulnerabilities Message-ID: <201010202157.o9KLvNE3026167@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: HP Systems Insight Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41908 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41908/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41908 RELEASE DATE: 2010-10-20 DISCUSS ADVISORY: http://secunia.com/advisories/41908/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41908/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41908 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP Systems Insight Manager, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting, cross-site request forgery, click-jacking attacks, or compromise a user's system. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform an unspecified action if a logged-in user visits a malicious web site. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An unspecified error can be exploited by authenticated users to escalate privileges. NOTE: Additionally, multiple vulnerabilities have been acknowledged in the bundled version of Adobe Flash player. For more information: SA40907 The vulnerabilities are reported in versions prior to 6.2 running on HP-UX, Linux, and Windows platforms. SOLUTION: Update to version 6.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02591 SSRT100299: https://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02549477 HPSBMA02592 SSRT100300: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02549485 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 15:23:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 00:23:41 +0200 Subject: [SEC] [SA41906] Red Hat update for thunderbird Message-ID: <201010202223.o9KMNfxN015038@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA41906 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41906 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41906/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41906/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41906 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to potentially compromise a user's system. For more information: SA41890 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0780-1: https://rhn.redhat.com/errata/RHSA-2010-0780.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 15:44:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 00:44:56 +0200 Subject: [SEC] [SA41911] Red Hat update for seamonkey Message-ID: <201010202244.o9KMiuIT003540@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for seamonkey SECUNIA ADVISORY ID: SA41911 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41911/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41911 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41911/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41911/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41911 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41923 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0781-1: http://rhn.redhat.com/errata/RHSA-2010-0781.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 16:10:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 01:10:25 +0200 Subject: [SEC] [SA41897] FishEye Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201010202310.o9KNAPlu024687@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: FishEye Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41897 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41897/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41897 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41897/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41897/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41897 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FishEye, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Certain input passed to the Code Metrics Report plugin is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. 2) Certain input passed to the revision ID parameters when viewing annotated views is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session. The vulnerabilities are reported in versions prior to 2.3.7 and 2.4. SOLUTION: Update to version 2.3.7 or 2.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-10-20 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 16:24:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 01:24:15 +0200 Subject: [SEC] [SA41890] Mozilla Thunderbird Multiple Vulnerabilities Message-ID: <201010202324.o9KNOFBp012872@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41890 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41890/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41890 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41890/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41890/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41890 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system. For more information: SA41244 SOLUTION: Update to version 3.0.9 or 3.1.5. ORIGINAL ADVISORY: Mozilla: http://www.mozilla.org/security/announce/2010/mfsa2010-64.html http://www.mozilla.org/security/announce/2010/mfsa2010-65.html http://www.mozilla.org/security/announce/2010/mfsa2010-66.html http://www.mozilla.org/security/announce/2010/mfsa2010-67.html http://www.mozilla.org/security/announce/2010/mfsa2010-69.html http://www.mozilla.org/security/announce/2010/mfsa2010-70.html http://www.mozilla.org/security/announce/2010/mfsa2010-71.html http://www.mozilla.org/security/announce/2010/mfsa2010-72.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-219/ Westpoint Limited: http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 16:44:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 01:44:03 +0200 Subject: [SEC] [SA41920] Archive Decoder Insecure Executable Loading Vulnerability Message-ID: <201010202344.o9KNi3at001269@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Archive Decoder Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41920 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41920/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41920 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41920/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41920/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41920 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Archive Decoder, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading "explorer.exe" in an insecure manner and can be exploited by tricking a user into e.g. opening a ZIP file located on a remote SMB share. Successful exploitation may allow execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is reported in version 1.23. Other versions may also be affected. SOLUTION: Update to version 1.24. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: http://www.ponsoftware.com/archiver/explzh/arcdec.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 17:11:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 02:11:48 +0200 Subject: [SEC] [SA41923] Mozilla SeaMonkey Multiple Vulnerabilities Message-ID: <201010210011.o9L0BmBY022562@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Mozilla SeaMonkey Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41923 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41923/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41923 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41923/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41923/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41923 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious, local users to gain escalated privileges, and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41244 SOLUTION: Update to version 2.0.9. ORIGINAL ADVISORY: Mozilla: http://www.mozilla.org/security/announce/2010/mfsa2010-64.html http://www.mozilla.org/security/announce/2010/mfsa2010-65.html http://www.mozilla.org/security/announce/2010/mfsa2010-66.html http://www.mozilla.org/security/announce/2010/mfsa2010-67.html http://www.mozilla.org/security/announce/2010/mfsa2010-68.html http://www.mozilla.org/security/announce/2010/mfsa2010-69.html http://www.mozilla.org/security/announce/2010/mfsa2010-70.html http://www.mozilla.org/security/announce/2010/mfsa2010-71.html http://www.mozilla.org/security/announce/2010/mfsa2010-72.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-219/ Westpoint Limited: http://www.westpoint.ltd.uk/advisories/wp-10-0001.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 17:43:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 02:43:36 +0200 Subject: [SEC] [SA41804] Netgear CG3000/CG3100 Cable Gateway Security Bypass and Denial of Service Message-ID: <201010210043.o9L0ha9r011564@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Netgear CG3000/CG3100 Cable Gateway Security Bypass and Denial of Service SECUNIA ADVISORY ID: SA41804 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41804/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41804 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41804/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41804/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41804 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alejandro Alvarez has reported some vulnerabilities in Netgear CG3000/CG3100 Cable Gateway, which can be exploited by malicious users and malicious people to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service). 1) An error in the handling of access permissions can be exploited by a logged in user to load the interface of the "NETGEAR_SE" user. 2) An error in the device does not verify the SSH passwords for the "NETGEAR_SE" and "MSO" users and can be exploited to SSH to device by providing a blank password. 3) An error in the print server can be exploited to reset the device via specially crafted packet sent to TCP ports 1024 or 9100. SOLUTION: Use the device in trusted network environments only. PROVIDED AND/OR DISCOVERED BY: Alejandro Alvarez ORIGINAL ADVISORY: Alejandro Alvarez: http://archives.neohapsis.com/archives/fulldisclosure/2010-10/0198.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 17:57:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 02:57:44 +0200 Subject: [SEC] [SA40911] PhreeBooks Multiple Vulnerabilities Message-ID: <201010210057.o9L0vidK032160@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: PhreeBooks Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40911 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40911/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40911 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/40911/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40911/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40911 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in PhreeBooks, which can be exploited by malicious users to conduct script insertion attacks, SQL injection attacks, and disclose sensitive information and by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via arbitrary parameters to index.php (when "cat", "module", and "subject" are set) is not properly sanitised in the "gen_get_all_get_params()" function in modules/general/functions/gen_functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "search_text" parameter to index.php (when "cat" and "module" are set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "date_from" and "date_to" parameters to index.php (when "cat" is set to "general" and "module" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "search_field" parameter to includes/addons/PhreeHelp/leftframe.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Input passed via the "img" parameter to index.php (when "cat" is set to "inventory" and "module" is set to "popup_image") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 6) Input passed to the "form" parameter in modules/services/pages/popup_shipping/js_include.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 7) Input passed via the "index" parameter to index.php (when "cat" is set to "services" and "module" is set to "popup_label_button") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 8) Input passed via the "my_note" parameter to index.php (when "my_note_submit" is set to "Add" and "module_id" is set to "my_notes") is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 9) Input passed via the "search_field" parameter to includes/addons/PhreeHelp/leftframe.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. 10) Input passed to the "idx" parameter in includes/addons/PhreeHelp/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. 11) Input passed via the "tpl" parameter to index.php (when "cat" and "module" are set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. 12) Input passed via the "cID" and "oID" parameters to index.php (when "cat" is set to "orders", "module" is set to "ajax", and "op" is set to "load_order") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 13) Input passed via the "search_period" parameter to index.php (when "cat" is set to "banking", "module" is set to "popup_bills", and "jID" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 14) Input passed via the "search_period" parameter to index.php (when "cat" is set to "orders", "module" is set to "popup_orders", "form" is set to "orders" and "jID" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 15) Input passed via the "search_period" parameter to index.php (when "cat" is set to "orders" and "module" is set to "inv_mgr") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Read Only" permissions for "Invoice Manager" in the "Customers" section. 16) Input passed via the "search_period" parameter to index.php (when "cat" is set to "banking" and "module" is set to "reconciliation") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Read Only" permissions for "Account Reconciliation" in the "Banking" section. 17) Input passed via the "search_period" parameter to index.php (when "cat" is set to "orders" and "module" is set to "status", and jID is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Read Only" permissions for "Sales Order Manager" in the "Customers" section. 18) Input passed via the "cID" parameter to index.php (when "cat" is set to "accounts", "module" is set to "ajax", and "op" is set to "load_contact") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 19) Input passed via the "guess" parameter to index.php (when "cat" is set to "accounts", "module" is set to "ajax", and "op" is set to "load_contact_info") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 20) Input passed via the "type" parameter to index.php (when "cat" is set to "accounts" and "module" is set to "popup_accts") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 21) Input passed via the "pID" parameter to index.php (when "cat" is set to "general" and "module" is set to "ctl_panel") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 22) Input passed via the "sID" parameter to index.php (when "cat" is set to "setup", "module" is set to "popup_setup", and "subject" is set to "zones", "countries", "inv_tabs", "tax_auths_vend", "tax_rates_vend", or "tax_rate") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 23) Input passed via the "sID" parameter to index.php (when "cat" is set to "setup", "module" is set to "popup_setup", and "subject" is set to "departments", "project_phases", "chart_of_accounts", "currency", "dept_types", or "project_costs") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 24) Input passed via the "iID", "upc", and "sku" parameters to index.php (when "cat" is set to "inventory", "module" is set to "ajax", "op" is set to "inv_details" and "fID" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 25) Input passed via the "cID" and "sku" parameters to index.php ("cat" is set to "inventory", "module" is se to "main" and "action" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Edit" permissions for "Edit/Maintain" in the "Inventory" section. 26) Input passed via the "cID" parameter to index.php (when "cat" is set to "inventory", "module" is set to "popup_inv", and "f2" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 27) Input passed via the "sku" parameter to index.php (when "cat" is set to "inventory", "module" is set to "popup_prices") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 28) Input passed via the "psID" parameter to index.php (when "cat" is set to "services", "module" is set to "price_sheets", "action" is set to "revise") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Edit" permissions for "Price Sheet Manager" in the "Customers" section. 29) Input passed via the "rID" parameter to index.php (when "cat" is set to "gen_ledger", "module" is set to "ajax", and "op" is set to "load_record") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 30) Input passed via the "rID" parameter to index.php (when "cat" is set to "reportwriter", "module" is set to "ajax", and "op" is set to "load_email_msg") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 31) Input passed via the "ReportID" parameter to index.php (when "cat" is set to "reportwriter" and "module" is set to "form_gen", "rpt_gen", or "builder") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Read Only" permissions for "Reports" in the "Tools" section. 32) Input passed via the "short_name" parameter to index.php (when "cat" is set to "accounts", "module" is set to "main", and "type" is set to "i") when adding or editing a contact is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires "Add" permissions for "PhreeCRM" in the "Customers" section and that "magic_quotes_gpc" is disabled. 33) Input passed via the "my_note" parameter to index.php (when "my_note_submit" is set to "Add" and "module_id" is set to "my_notes") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 34) Input passed via the "my_title" and "my_url" parameters to index.php (when "my_personal_links" is set to "Add" and "module_id" is set to "personal_links") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 35) Input passed via the "type" and "guess" parameters to index.php (when "cat" is set to "orders", "module" is set to "ajax", and "op" is set to "load_searches") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 36) Input passed via the "gl_acct_id" parameter to index.php (when "cat" is set to "banking", "module" is set to "ajax", and "op" is set to "acct_balance") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 37) Input passed via the "cID" and "bID" parameters to index.php (when "cat" is set to banking", "module" is set to "ajax", and "op" is set to "load_bill") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 38) Input passed via the "contact_id" parameter to index.php (when "cat" is set to "banking", "module" is set to "ajax", and "op" is set to "stored_payments") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 39) Input passed via the "jID" parameter to index.php (when "cat" is set to "banking" and "module" is set to "popup_bills") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 40) Input passed via the "db" parameter to soap/application_top.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. 41) Input passed via the "module" parameter to index.php (when "cat" is set) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. 42) Input passed via the "op" parameter to index.php (when "cat" is set and "module" is set to "ajax") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. 43) Input passed via the "subject" parameter to index.php (when "cat" is set to "setup" and "module" is set to "popup_setup") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. 44) Input passed via the "subject" parameter to index.php (when "cat" is set to "services" and "module" is set to "popup_tracking") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires that "magic_quotes_gpc" is disabled. 45) Input passed via the "subject" parameter to index.php (when "cat" is set to "services" and "module" is set to "popup_label_mgr") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation requires "Read Only" permissions for "Shipping Manager" in the "Tools" section and that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 2.1. Other versions may also be affected. SOLUTION: Use another product. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-121/ http://secunia.com/secunia_research/2010-122/ http://secunia.com/secunia_research/2010-123/ http://secunia.com/secunia_research/2010-124/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 18:22:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 03:22:32 +0200 Subject: [SEC] [SA41922] MASS Music Player Insecure Library Loading Vulnerability Message-ID: <201010210122.o9L1MWfL020850@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: MASS Music Player Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41922 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41922/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41922 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41922/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41922/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41922 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in MASS Music Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application bundling a vulnerable version of the Qt library, which loads libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a WAV file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. For more information: SA41537 The vulnerability is confirmed in version 2.1. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 18:43:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 03:43:48 +0200 Subject: [SEC] [SA41888] Google Chrome Multiple Vulnerabilities Message-ID: <201010210143.o9L1hmuK009389@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41888 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41888/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41888 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41888/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41888/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41888 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system. 1) An unspecified error can be exploited to conduct "autofill / autocomplete profile spamming". 2) An unspecified error related to forms can be exploited to e.g. cause a crash. 3) An unspecified error related to form autofills can be exploited to e.g. cause a crash. 4) An unspecified error related to page unloads can be exploited to conduct URL spoofing attacks. 5) An unspecified error allows to bypass the pop-up blocker. 6) An unspecified error related to a shutdown with Web Sockets can be exploited to e.g. cause a crash. 7) An unspecified error exists within the generation of the PATH variable. Note: This only affects the Linux version. 8) An unspecified error related to animated GIFs can be exploited to cause a memory corruption. 9) An unspecified error exists within the sandboxing of worker processes. Note: This only affects the Linux version. 10) An unspecified error exists due to "stale elements in an element map". SOLUTION: Fixed in version 7.0.517.41. PROVIDED AND/OR DISCOVERED BY: 1) Inferno, Google Chrome Security Team 2, 3, 6) Chromium development community 4) Independently discovered by kuzzcc and Jordi Chancel 5) kuzzcc 7) Dan Rosenberg, Virtual Security Research 8) Simon Schaak 9) Chris Evans, Google Chrome Security Team 10) Michal Zalewski, Google Security Team ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2010/10/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 19:13:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 04:13:32 +0200 Subject: [SEC] [SA41856] Ubuntu update for webkit Message-ID: <201010210213.o9L2DWKt031181@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for webkit SECUNIA ADVISORY ID: SA41856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for webkit. This fixes multiple vulnerabilities, some of which have an unknown impact while others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system. For more information: SA36677 SA37346 SA37769 SA37931 SA38545 SA38932 SA39091 SA39651 SA40105 SA40196 SA40479 SA40664 SA41014 SA41085 SA41242 SA41328 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1006-1: http://www.ubuntu.com/usn/usn-1006-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 19:43:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 04:43:17 +0200 Subject: [SEC] [SA41912] Red Hat update for firefox Message-ID: <201010210243.o9L2hHsI020089@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for firefox SECUNIA ADVISORY ID: SA41912 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41912/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41912 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41912/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41912/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41912 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41244 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0782-1: https://rhn.redhat.com/errata/RHSA-2010-0782.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 19:55:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 04:55:21 +0200 Subject: [SEC] [SA41900] Innominate mGuard Privilege Escalation Vulnerability Message-ID: <201010210255.o9L2tLTg008201@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Innominate mGuard Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA41900 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41900/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41900 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41900/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41900/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41900 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Innominate has acknowledged a vulnerability in Innominate mGuard, which can be exploited by malicious, local users to gain escalated privileges. For more information see vulnerability #1: SA40965 The vulnerability is reported in versions prior to 7.2.0. SOLUTION: Update to version 7.2.0. ORIGINAL ADVISORY: http://www.innominate.com/images/stories/documents/manuals/releasenotes_mguard_720_en.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 20:08:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 05:08:16 +0200 Subject: [SEC] [SA41840] Debian update for typo3-src Message-ID: <201010210308.o9L38GgP028743@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Debian update for typo3-src SECUNIA ADVISORY ID: SA41840 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41840/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41840 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41840/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41840/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41840 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for typo3-src. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, disclose sensitive information, and perform certain actions with escalated privileges and by malicious people to conduct cross-site scripting attacks and disclose sensitive information. For more information: SA41691 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2121-1: http://lists.debian.org/debian-security-announce/2010/msg00171.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 20:22:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 05:22:10 +0200 Subject: [SEC] [SA41909] Red Hat update for kernel Message-ID: <201010210322.o9L3MAqj016940@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA41909 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41909/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41909 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41909/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41909/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41909 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some weaknesses and a vulnerability, which can be exploited by malicious, local users to disclose system and potentially sensitive information. For more information: SA41245 SA41284 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010-0779: http://rhn.redhat.com/errata/RHSA-2010-0779.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 20:43:08 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 05:43:08 +0200 Subject: [SEC] [SA41877] Ubuntu update for poppler Message-ID: <201010210343.o9L3h8vl005446@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: Ubuntu update for poppler SECUNIA ADVISORY ID: SA41877 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41877/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41877 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41877/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41877/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41877 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for poppler. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA41596 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1005-1: http://www.ubuntu.com/usn/usn-1005-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 20 20:55:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 05:55:25 +0200 Subject: [SEC] [SA41825] phpCheckZ "id" SQL Injection Vulnerability Message-ID: <201010210355.o9L3tP0C025968@CRON-IX-2.intnet> ---------------------------------------------------------------------- Windows Applications Insecure Library Loading The Official, Verified Secunia List: http://secunia.com/advisories/windows_insecure_library_loading/ The list is continuously updated as we confirm the vulnerability reports so check back regularly too see if any of your apps are affected. ---------------------------------------------------------------------- TITLE: phpCheckZ "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41825 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41825/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41825 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41825/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41825/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41825 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in phpCheckZ, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "id" parameter to chart.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: Salvatore Fresta: http://adv.salvatorefresta.net/phpCheckZ_1.1.0_Blind_SQL_Injection_Vulnerability-19102010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 10:28:14 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 19:28:14 +0200 Subject: [SEC] [SA41892] NetBSD Denial of Service and Privilege Escalation Vulnerabilities Message-ID: <201010211728.o9LHSE4e011620@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NetBSD Denial of Service and Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA41892 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41892/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41892 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41892/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41892/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41892 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in NetBSD, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges. 1) The "larn" game does not properly handling SETGID permissions, which can be exploited to e.g. modify files in the "/var/games" directory with privileges of the "games" group. 2) A signedness error in the "SMBIOC_OPENSESSION" ioctl of the netsmb file system kernel module can be exploited to cause the kernel to allocate large memory buffers and exhaust all memory. SOLUTION: Fixed in the CVS repository (please see the vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) David A. Holland. 2) Dan J. Rosenberg ORIGINAL ADVISORY: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-009.txt.asc http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-010.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 11:28:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 20:28:35 +0200 Subject: [SEC] [SA41392] RealPage Module Upload ActiveX Control Multiple Vulnerabilities Message-ID: <201010211828.o9LISZYt001859@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: RealPage Module Upload ActiveX Control Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41392 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41392/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41392 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41392/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41392/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41392 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered some vulnerabilities in RealPage Module Upload ActiveX Control, which can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system. 1) A combination of the unsafe "Upload()" method and the "SourceFile" and "DestURL" properties allows uploading arbitrary files from a user's system to a web server. 2) A boundary error when handling the "SourceFile" property can be exploited to cause a heap-based buffer overflow by setting an overly long property value. 3) A boundary error when handling the "DestURL" property can be exploited to cause a stack-based buffer overflow by setting an overly long property value. Successful exploitation of this vulnerability allows execution of arbitrary code. The vulnerabilities are confirmed in version 1.0.0.9. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-118/ http://secunia.com/secunia_research/2010-119/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 12:28:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 21:28:28 +0200 Subject: [SEC] [SA41930] Ruby on Rails Nested Attribute Handling Vulnerability Message-ID: <201010211928.o9LJSS9j024581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ruby on Rails Nested Attribute Handling Vulnerability SECUNIA ADVISORY ID: SA41930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41930 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to an input validation error when handling nested attributes, which can be exploited to manipulate arbitrary records by e.g. changing form input parameter names. The vulnerability is reported in versions 2.3.9 and 3.0.0. Versions prior to 2.3.9 are not affected. SOLUTION: Update to version 2.3.10 and 3.0.1 or apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Matti Paksula and Juha Suuraho, Enemy & Sons Ltd. ORIGINAL ADVISORY: http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 13:28:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 22:28:30 +0200 Subject: [SEC] [SA41925] Fedora update for java-1.6.0-openjdk Message-ID: <201010212028.o9LKSUBQ014866@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for java-1.6.0-openjdk SECUNIA ADVISORY ID: SA41925 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41925/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41925 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41925/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41925/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41925 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for java-1.6.0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Apply updated packages using the yum utility ("yum update java-1.6.0-openjdk"). ORIGINAL ADVISORY: FEDORA-2010-16240: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 14:22:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 23:22:25 +0200 Subject: [SEC] [SA41928] TeraPad Insecure Library Loading Vulnerability Message-ID: <201010212122.o9LLMPXf004850@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TeraPad Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41928 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41928/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41928 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41928/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41928/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41928 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TeraPad, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. atoklib.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a TXT or HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is confirmed in version 0.93. Other versions may also be affected. SOLUTION: Upgrade to version 1.00. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: http://www5f.biglobe.ne.jp/~t-susumu/dl/tpad/History.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 14:43:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 23:43:04 +0200 Subject: [SEC] [SA41841] libsmi "smiGetNode()" Buffer Overflow Vulnerability Message-ID: <201010212143.o9LLh4AN025757@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: libsmi "smiGetNode()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41841 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41841/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41841 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41841/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41841/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41841 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Andres Lopez Luksenberg has reported a vulnerability in libsmi, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error in the "smiGetNode()" function within lib/smi.c when processing an Object Identifier (OID) in string-dotted notation and can be exploited to cause a stack-based buffer overflow via an overly long specially crafted string. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 0.4.8. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Andres Lopez Luksenberg, Core Security Technologies. ORIGINAL ADVISORY: http://www.coresecurity.com/content/libsmi-smigetnode-buffer-overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 14:58:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 21 Oct 2010 23:58:45 +0200 Subject: [SEC] [SA41927] Apsaly Insecure Executable Loading Vulnerability Message-ID: <201010212158.o9LLwjt5014042@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apsaly Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41927 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41927/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41927 RELEASE DATE: 2010-10-21 DISCUSS ADVISORY: http://secunia.com/advisories/41927/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41927/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41927 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apsaly, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading an executable file in an insecure manner and can be exploited by tricking a user into e.g. opening certain text files located on a remote WebDAV or SMB share. Successful exploitation may allow execution of arbitrary code, but requires that files are opened via the Windows Explorer "Open With" menu. The vulnerability is reported in versions prior to 3.74. SOLUTION: Update to version 3.74. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: http://www.venus.dti.ne.jp/mw31/apsaly/Vulnerability.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 15:23:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 00:23:42 +0200 Subject: [SEC] [SA41916] Drupal Ubuntu Drupal Theme - Brown Information Disclosure Vulnerability Message-ID: <201010212223.o9LMNguS002819@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Ubuntu Drupal Theme - Brown Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA41916 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41916/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41916 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41916/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41916/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41916 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ubuntu Drupal Theme - Brown theme for Drupal, which can be exploited by malicious people to disclose potentially sensitive information. Input passed via an unspecified parameter is not properly verified before being used to read files. This can be exploited to read the contents of arbitrary files from local resources via directory traversal sequences. The vulnerability is reported in versions prior to 6.x-8.1. SOLUTION: Update to version 6.x-8.1 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Steve Foris. ORIGINAL ADVISORY: SA-CONTRIB-2010-100: http://drupal.org/node/947632 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 15:45:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 00:45:23 +0200 Subject: [SEC] [SA41919] Mono ASP.NET Cryptographic Padding Oracle Information Disclosure Message-ID: <201010212245.o9LMjNOc023789@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mono ASP.NET Cryptographic Padding Oracle Information Disclosure SECUNIA ADVISORY ID: SA41919 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41919/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41919 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41919/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41919/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41919 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mono ASP.NET, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to improper error handling within ASP.NET during cryptographic padding verification with certain algorithms. This can be exploited to decrypt data, e.g. the View State, via returned error codes from an affected server. This is related to: SA41409 SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Juliano Rizzo and Thai Duong ORIGINAL ADVISORY: Mono: http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle Juliano Rizzo and Thai Duong: http://netifera.com/research/poet//PaddingOraclesEverywhereEkoparty2010.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 16:11:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 01:11:03 +0200 Subject: [SEC] [SA41893] Pidgin Multiple NULL Pointer Dereference Weaknesses Message-ID: <201010212311.o9LNB3BN012527@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Pidgin Multiple NULL Pointer Dereference Weaknesses SECUNIA ADVISORY ID: SA41893 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41893/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41893 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41893/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41893/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41893 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple weaknesses have been reported in Pidgin, which can be exploited by malicious people to cause a DoS (Denial of Service). The weaknesses are caused due to a missing validation of the return value from the "purple_base64_decode()" function in the Yahoo!, MSN, MySpaceIM, and XMPP protocol plugins and the NTLM authentication support. This can be exploited to cause a NULL pointer dereference error and crash the process via specially crafted Base64 encoded messages. The weaknesses are reported in versions prior to 2.7.4. SOLUTION: Update to version 2.7.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits Daniel Atallah. ORIGINAL ADVISORY: http://www.pidgin.im/news/security/?id=48 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 16:43:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 01:43:25 +0200 Subject: [SEC] [SA41904] Red Hat update for quagga Message-ID: <201010212343.o9LNhPHS001508@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for quagga SECUNIA ADVISORY ID: SA41904 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41904/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41904 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41904/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41904/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41904 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA26744 SA41038 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0785-1: https://rhn.redhat.com/errata/RHSA-2010-0785.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 16:57:24 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 01:57:24 +0200 Subject: [SEC] [SA41924] Fedora update for tuxguitar Message-ID: <201010212357.o9LNvO9q022148@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for tuxguitar SECUNIA ADVISORY ID: SA41924 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41924/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41924 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41924/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41924/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41924 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for tuxguitar. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the "/usr/bin/tuxguitar" script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. SOLUTION: Apply updated packages using the yum utility ("yum update tuxguitar"). ORIGINAL ADVISORY: FEDORA-2010-15765: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049683.html FEDORA-2010-15783: https://admin.fedoraproject.org/updates/tuxguitar-1.2-3.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 17:22:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 02:22:29 +0200 Subject: [SEC] [SA41839] Ubuntu update for nss Message-ID: <201010220022.o9M0MT2s010862@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for nss SECUNIA ADVISORY ID: SA41839 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41839/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41839 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41839/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41839/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41839 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for nss. This fixes two vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA41244 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1007-1: http://www.ubuntu.com/usn/usn-1007-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 17:43:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 02:43:45 +0200 Subject: [SEC] [SA41905] Apple Mac OS X update for Java Message-ID: <201010220043.o9M0hjSq031796@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X update for Java SECUNIA ADVISORY ID: SA41905 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41905/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41905 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41905/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41905/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41905 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued an update for Java for Mac OS X. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious users to cause a DoS (Denial of Service) and by malicious people to manipulate certain data and potentially compromise a user's system. For more information: SA37291 SA39762 1) An error when handling Mach RPC messages within updateSharingD can be exploited to execute code with privileges of another user who runs a Java application. 2) An error when handling Java applet window bounds can be exploited to corrupt memory via a specially crafted applet. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Dino Dai Zovi. 2) Reported by the vendor. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4417 http://support.apple.com/kb/HT4418 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 18:08:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 03:08:25 +0200 Subject: [SEC] [SA41721] Ubuntu update for thunderbird Message-ID: <201010220108.o9M18PAv020486@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA41721 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41721/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41721 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41721/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41721/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41721 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and potentially compromise a user's system. For more information: SA41244 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-998-1: http://www.ubuntu.com/usn/usn-998-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 18:22:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 03:22:30 +0200 Subject: [SEC] [SA41895] Red Hat update for glibc Message-ID: <201010220122.o9M1MUxI008694@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for glibc SECUNIA ADVISORY ID: SA41895 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41895/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41895 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41895/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41895/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41895 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for glibc. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0787-1: https://rhn.redhat.com/errata/RHSA-2010-0787.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 18:43:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 03:43:20 +0200 Subject: [SEC] [SA41759] Ubuntu update for firefox and xulrunner Message-ID: <201010220143.o9M1hKGg029594@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox and xulrunner SECUNIA ADVISORY ID: SA41759 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41759/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41759 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41759/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41759/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41759 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for firefox and xulrunner. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41244 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-997-1: http://www.ubuntu.com/usn/usn-997-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 18:55:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 03:55:36 +0200 Subject: [SEC] [SA41797] libguestfs Qemu Disk Format Specifier Weakness Message-ID: <201010220155.o9M1tal0017716@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: libguestfs Qemu Disk Format Specifier Weakness SECUNIA ADVISORY ID: SA41797 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41797/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41797 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41797/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41797/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41797 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in libguestfs, which can be exploited by malicious, local users in a guest virtual machine to gain access to potentially sensitive information. The weakness is caused due to libguestfs not propagating the image format to Qemu, which can be exploited by a malicious guest using the raw image format to e.g. disclose files on the host system. SOLUTION: Do not use guests with raw image format. PROVIDED AND/OR DISCOVERED BY: Matthew Booth ORIGINAL ADVISORY: https://www.redhat.com/archives/libguestfs/2010-October/msg00036.html https://bugzilla.redhat.com/show_bug.cgi?id=643958 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 21 19:15:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 04:15:12 +0200 Subject: [SEC] [SA41898] Red Hat update for java-1.4.2-ibm Message-ID: <201010220215.o9M2FCcb006663@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.4.2-ibm SECUNIA ADVISORY ID: SA41898 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41898/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41898 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41898/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41898/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41898 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.4.2-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. For more information: SA37291 SA41791 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0786-1: https://rhn.redhat.com/errata/RHSA-2010-0786.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 10:28:21 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 19:28:21 +0200 Subject: [SEC] [SA41949] Grani Insecure Library and Executable Loading Vulnerabilities Message-ID: <201010221728.o9MHSLcg002978@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Grani Insecure Library and Executable Loading Vulnerabilities SECUNIA ADVISORY ID: SA41949 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41949/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41949 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41949/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41949/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41949 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Grani, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to the application loading libraries (e.g. d2d1.dll and dwrite.dll) and executables in an insecure manner. This can be exploited to load arbitrary libraries and executables by tricking a user into e.g. opening a HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. SOLUTION: Update to version 4.4.0. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: http://www.fenrir.co.jp/grani/note.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 11:29:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 20:29:05 +0200 Subject: [SEC] [SA41937] OpenFabrics Enterprise Distribution (OFED) "openibd" Insecure Temporary File Security Issue Message-ID: <201010221829.o9MIT5st025707@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OpenFabrics Enterprise Distribution (OFED) "openibd" Insecure Temporary File Security Issue SECUNIA ADVISORY ID: SA41937 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41937/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41937 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41937/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41937/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41937 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in OpenFabrics Enterprise Distribution (OFED), which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "openibd" script using temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in version 1.5.2. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reportedly discovered by Dale Talcott, NASA Ames ORIGINAL ADVISORY: http://lists.openfabrics.org/pipermail/ewg/2010-October/015886.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 12:28:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 21:28:16 +0200 Subject: [SEC] [SA41863] Odin Secure FTP Export Server Response Buffer Overflow Vulnerability Message-ID: <201010221928.o9MJSGZg015942@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Odin Secure FTP Export Server Response Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA41863 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41863/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41863 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41863/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41863/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41863 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Odin Secure FTP Expert, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error when processing certain FTP server responses and can be exploited to cause a buffer overflow via an overly long, specially crafted LIST response. The vulnerability is reported in version 4.1. Other versions are also reported. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: rick2600 ORIGINAL ADVISORY: http://www.corelan.be:8800/index.php/2010/10/12/death-of-an-ftp-client/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 13:28:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 22:28:23 +0200 Subject: [SEC] [SA41939] Squirrelcart PHP Shopping Cart "prod_rn" SQL Injection Vulnerability Message-ID: <201010222028.o9MKSNcE006206@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Squirrelcart PHP Shopping Cart "prod_rn" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41939 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41939/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41939 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41939/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41939/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41939 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Squirrelcart PHP Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "prod_rn" parameter to index.php (when "add_to_cart" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 3.2.2. SOLUTION: Update to version 3.2.2 or later. PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta ORIGINAL ADVISORY: Squirrelcart SC101022: http://www.squirrelcart.com/downloads.php Salvatore Fresta: http://adv.salvatorefresta.net/Squirrelcart_PRO_3.0.0_Blind_SQL_Injection_Vulnerability-21102010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 14:22:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 23:22:35 +0200 Subject: [SEC] [SA41926] HP Virtual Connect Enterprise Manager Unspecified File Download Vulnerability Message-ID: <201010222122.o9MLMZRX028630@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Virtual Connect Enterprise Manager Unspecified File Download Vulnerability SECUNIA ADVISORY ID: SA41926 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41926/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41926 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41926/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41926/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41926 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Virtual Connect Enterprise Manager, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an unspecified error, which can be exploited to download arbitrary files from an affected system. The vulnerability is reported in the following versions: * HP Virtual Connect Enterprise Manager (VCEM) v6.0 prior to Insight Software v6.0 Update 2. * HP Virtual Connect Enterprise Manager (VCEM) v6.1 prior to Insight Software v6.1 Update 2. SOLUTION: Update to VCEM 6.0 on Insight Software 6.0 update2, VCEM 6.1b on Insight Software 6.1 update2, or VCEM 6.2 on Insight Software 6.2. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02593 SSRT100237: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02550412 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 14:43:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 23:43:29 +0200 Subject: [SEC] [SA41947] YokkaSoft Products Insecure Executable Loading Vulnerability Message-ID: <201010222143.o9MLhTL2017144@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: YokkaSoft Products Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA41947 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41947/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41947 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41947/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41947/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41947 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in YokkaSoft products, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the applications loading an executable file in an insecure manner and can be exploited by tricking a user into e.g. opening certain files located on a remote WebDAV or SMB share. The vulnerability is reported in the following products: * NoEditor version 1.33.1.1 and prior. * OuiEditor version 1.6.1.1 and prior. * UnEditor version 1.10.1.2 and prior. * DeuxEditor version 1.7.1.2 and prior. * SQLEditorXP version 3.14.1.2 and prior. * SQLEditorTE version 1.9.1.3 and prior. * SQLEditor8 version 3.8.1.2 and prior. * SQLEditorClassic version 1.8.1.3 and prior. SOLUTION: Reportedly fixed in the latest version. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 14:57:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 22 Oct 2010 23:57:39 +0200 Subject: [SEC] [SA41946] Sleipnir Insecure Library and Executable Loading Vulnerabilities Message-ID: <201010222157.o9MLvdIO005335@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Sleipnir Insecure Library and Executable Loading Vulnerabilities SECUNIA ADVISORY ID: SA41946 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41946/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41946 RELEASE DATE: 2010-10-22 DISCUSS ADVISORY: http://secunia.com/advisories/41946/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41946/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41946 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Sleipnir, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to the application loading libraries (e.g. d2d1.dll and dwrite.dll) and executables in an insecure manner. This can be exploited to load arbitrary libraries and executables by tricking a user into e.g. opening a HTML file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. This vulnerabilities are confirmed in version 2.9.4. Other versions may also be affected. SOLUTION: Update to version 2.9.5. PROVIDED AND/OR DISCOVERED BY: JVN credits Mr. Makoto. ORIGINAL ADVISORY: http://www.fenrir-inc.com/global/sleipnir/note.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 15:23:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 00:23:28 +0200 Subject: [SEC] [SA41943] Ubuntu update for libvirt Message-ID: <201010222223.o9MMNSxI026580@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for libvirt SECUNIA ADVISORY ID: SA41943 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41943/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41943 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41943/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41943/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41943 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libvirt. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions. For more information: SA40758 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1008-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-October/001185.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 15:45:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 00:45:29 +0200 Subject: [SEC] [SA41894] SAP BusinessObjects Multiple Vulnerabilities Message-ID: <201010222245.o9MMjTFT015143@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SAP BusinessObjects Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41894 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41894 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41894/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41894/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41894 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and some vulnerabilities have been reported in SAP BusinessObjects, which can be exploited by malicious, local users to gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information and conduct cross-site scripting attacks. 1) The "login" SOAP method in dswsbobje/services/session returns different response codes depending on the input passed via the "Login" parameter. This can be exploited to enumerate valid user accounts. 2) An error in the "GenerateCuids" SOAP method in dswsbobje/services/biplatformHTTP while creating CUIDs can be exploited to exhaust available resources by passing a large value via the "numCuids" parameter. 3) Input passed via the "modules" parameter to dswsbobje/axis2-admin/engagingglobally is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) The "CrystalReports/viewrpt.cwr" script allows connections to arbitrary hosts passed via the "apstoken" parameter, which can be exploited to perform port scans within potentially restricted networks. 5) An error in the "Central Configuration Manager" can be exploited to gain escalated privileges via the "Program Job Server". The weakness and the vulnerabilities are reported in version 3.2. Other versions may also be affected. SOLUTION: Filter malicious requests using a proxy. Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Joshua Abraham and Will Vandevanter, Rapid7. ORIGINAL ADVISORY: http://spl0it.org/files/talks/source_barcelona10/Hacking SAP BusinessObjects.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 16:10:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 01:10:37 +0200 Subject: [SEC] [SA41944] Internet Explorer "window.onerror" Information Disclosure Vulnerability Message-ID: <201010222310.o9MNAbpd003846@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Internet Explorer "window.onerror" Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA41944 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41944/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41944 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41944/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41944/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41944 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Chris Evans has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error within the handling of the "window.onerror" event, which can be exploited to disclose certain information from other web pages by e.g. including them as script and catching the error messages of the parser. The vulnerability is confirmed in Internet Explorer 7 and 8 on a fully patched Windows XP SP3 system. SOLUTION: Do not browse untrusted websites. PROVIDED AND/OR DISCOVERED BY: Chris Evans ORIGINAL ADVISORY: http://scarybeastsecurity.blogspot.com/2010/10/minor-leak-major-headache.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 16:24:54 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 01:24:54 +0200 Subject: [SEC] [SA41931] Sawmill Multiple Vulnerabilities Message-ID: <201010222324.o9MNOs2T024459@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Sawmill Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41931 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: J. Greil has discovered multiple vulnerabilities in Sawmill, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a vulnerable system. 1) Insufficient validation of permissions when accessing template files can be exploited to e.g. reset the administrative password and modify profiles of other users. 2) Input passed via the URL (when "dp" is set to any value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Lack of authentication when executing certain administrative tasks can be exploited to e.g. create administrative users, disclose contents of arbitrary files, and execute shell commands via certain action parameters specified in the URL. The vulnerabilities are confirmed in version 8.1.5.1. Other versions may also be affected. SOLUTION: Update to version 8.1.7.3. PROVIDED AND/OR DISCOVERED BY: J. Greil, SEC Consult ORIGINAL ADVISORY: SEC Consult: https://www.sec-consult.com/files/20101021-0_sawmill_multiple_critical_vulns.txt Sawmill: http://www.sawmill.net/version_history8.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 16:45:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 01:45:32 +0200 Subject: [SEC] [SA41936] iWiccle Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201010222345.o9MNjW3A012955@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: iWiccle Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41936 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41936 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41936/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41936/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41936 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in iWiccle, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "post_name", "post_text", "post_tag", and "post_member_name" (when "show" is set to "post_search" and "module" is set to e.g. "articles") and via the "member_username" and "member_tags" (when "module" is set to "members" and "show" is set to "member_search") parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 1.2.1.1. Prior versions may also be affected. SOLUTION: Update to version 1.3.0 or later. PROVIDED AND/OR DISCOVERED BY: Veerendra G.G, SecPod Technologies ORIGINAL ADVISORY: iWiccle: http://www.wiccle.com/news/backstage_news/iwiccle/post/iwiccle_cms_community_builder_130_releas SecPod Technologies: http://secpod.org/blog/?p=130 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 17:11:55 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 02:11:55 +0200 Subject: [SEC] [SA41942] Ubuntu update for libvirt and virtinst Message-ID: <201010230011.o9N0BtKS001676@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for libvirt and virtinst SECUNIA ADVISORY ID: SA41942 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41942/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41942 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41942/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41942/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41942 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libvirt and virtinst. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users in a guest system to bypass certain security restrictions. For more information: SA40758 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1008-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-October/001185.html USN-1008-2: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-October/001186.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 17:43:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 02:43:04 +0200 Subject: [SEC] [SA41899] Red Hat update for pidgin Message-ID: <201010230043.o9N0h4BH023099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for pidgin SECUNIA ADVISORY ID: SA41899 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41899/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41899 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41899/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41899/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41899 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA39801 SA41893 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0788-1: https://rhn.redhat.com/errata/RHSA-2010-0788.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 17:55:06 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 02:55:06 +0200 Subject: [SEC] [SA41948] Sawmill Cross-Site Request Forgery Vulnerability Message-ID: <201010230055.o9N0t6lM011212@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Sawmill Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41948 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41948/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41948 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41948/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41948/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41948 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: J. Greil has discovered a vulnerability in Sawmill, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. The vulnerability is confirmed in version 8.1.5.1 and 8.1.7.3. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: J. Greil, SEC Consult ORIGINAL ADVISORY: SEC Consult: https://www.sec-consult.com/files/20101021-0_sawmill_multiple_critical_vulns.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 18:08:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 03:08:20 +0200 Subject: [SEC] [SA41932] Adobe Shockwave Player Director File "rcsL" Chunk Parsing Vulnerability Message-ID: <201010230108.o9N18Krp031768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Shockwave Player Director File "rcsL" Chunk Parsing Vulnerability SECUNIA ADVISORY ID: SA41932 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41932/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41932 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41932/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41932/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41932 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Shockwave Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an array-indexing error in the handling of a certain record value in a "rcsL" chunk and can be exploited to use an arbitrary dword in memory as a function pointer via a specially crafted Director file. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 11.5.8.612. Other versions may also be affected. SOLUTION: Do not visit untrusted websites. PROVIDED AND/OR DISCOVERED BY: Abysssec ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/advisories/apsa10-04.html http://blogs.adobe.com/psirt/2010/10/security-advisory-for-adobe-shockwave-player-apsa10-04.html Abysssec: http://www.exploit-db.com/exploits/15296/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 22 18:22:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 23 Oct 2010 03:22:32 +0200 Subject: [SEC] [SA41934] pecio cms "term" Cross-Site Scripting Vulnerability Message-ID: <201010230122.o9N1MWxm019974@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: pecio cms "term" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41934 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41934/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41934 RELEASE DATE: 2010-10-23 DISCUSS ADVISORY: http://secunia.com/advisories/41934/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41934/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41934 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in pecio cms, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "term" parameter to index.php (when "target" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.0.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Antu Sanadi, SecPod Technologies ORIGINAL ADVISORY: SecPod Technologies: http://secpod.org/blog/?p=137 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 10:29:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Oct 2010 19:29:50 +0200 Subject: [SEC] [SA41990] ProShow Producer Insecure Library Loading Vulnerability Message-ID: <201010251729.o9PHToHu018976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ProShow Producer Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41990 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41990/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41990 RELEASE DATE: 2010-10-25 DISCUSS ADVISORY: http://secunia.com/advisories/41990/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41990/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41990 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ProShow Producer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. kdclib32.dll and fpxacc.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PSH file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 4.5.2949. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 11:29:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Oct 2010 20:29:40 +0200 Subject: [SEC] [SA41971] Fedora update for glibc Message-ID: <201010251829.o9PITe1F009248@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for glibc SECUNIA ADVISORY ID: SA41971 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41971/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41971 RELEASE DATE: 2010-10-25 DISCUSS ADVISORY: http://secunia.com/advisories/41971/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41971/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41971 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for glibc. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Apply updated packages using the yum utility ("yum update glibc"). ORIGINAL ADVISORY: FEDORA-2010-16594: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049730.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 12:29:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Oct 2010 21:29:07 +0200 Subject: [SEC] [SA41940] Debian update for glibc Message-ID: <201010251929.o9PJT7qS031905@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Debian update for glibc SECUNIA ADVISORY ID: SA41940 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41940/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41940 RELEASE DATE: 2010-10-25 DISCUSS ADVISORY: http://secunia.com/advisories/41940/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41940/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41940 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for glibc. This fixes two weaknesses, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: DSA 2122-1: http://www.us.debian.org/security/2010/dsa-2122 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 13:29:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Oct 2010 22:29:22 +0200 Subject: [SEC] [SA41941] Ubuntu update for glibc Message-ID: <201010252029.o9PKTMwG022199@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for glibc SECUNIA ADVISORY ID: SA41941 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41941/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41941 RELEASE DATE: 2010-10-25 DISCUSS ADVISORY: http://secunia.com/advisories/41941/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41941/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41941 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for glibc. This fixes two weaknesses, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1009-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-October/001187.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 14:23:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Oct 2010 23:23:35 +0200 Subject: [SEC] [SA41988] Wondershare Flash Gallery Factory Insecure Library Loading Vulnerability Message-ID: <201010252123.o9PLNZ6n012222@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Wondershare Flash Gallery Factory Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41988 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41988/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41988 RELEASE DATE: 2010-10-25 DISCUSS ADVISORY: http://secunia.com/advisories/41988/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41988/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41988 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Wondershare Flash Gallery Factory, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a FSP file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.1.2 Deluxe. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 14:44:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 25 Oct 2010 23:44:27 +0200 Subject: [SEC] [SA41954] Moodle phpMyAdmin Module Multiple Vulnerabilities Message-ID: <201010252144.o9PLiR0f000683@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Moodle phpMyAdmin Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41954 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41954/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41954 RELEASE DATE: 2010-10-25 DISCUSS ADVISORY: http://secunia.com/advisories/41954/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41954/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41954 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the phpMyAdmin module for Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. For more information: SA41000 SA41058 SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://moodle.org/mod/forum/discuss.php?d=160811 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 15:14:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 00:14:05 +0200 Subject: [SEC] [SA41991] AutoPlay Media Studio Insecure Library Loading Vulnerability Message-ID: <201010252214.o9PME5q4022156@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AutoPlay Media Studio Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41991 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41991/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41991 RELEASE DATE: 2010-10-25 DISCUSS ADVISORY: http://secunia.com/advisories/41991/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41991/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41991 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in AutoPlay Media Studio, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a AUTOPLAY file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 8.0.2.0. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 15:46:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 00:46:03 +0200 Subject: [SEC] [SA41980] Moodle phpCAS Multiple Vulnerabilities Message-ID: <201010252246.o9PMk39r011181@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Moodle phpCAS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41980 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41980/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41980 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41980/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41980/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41980 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Moodle, which can be exploited by malicious users to perform certain actions with escalated privileges, hijack another user's session, and disclose sensitive information and by malicious people to conduct cross-site scripting attacks. The vulnerabilities are caused by use of a vulnerable version of phpCAS. For more information: SA40845 SA41655 The vulnerabilities are reported in versions prior to 1.9.10 and 1.8.14. SOLUTION: Update to version 1.9.10 or 1.8.14. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MSA-10-0016: http://moodle.org/mod/forum/discuss.php?d=160857 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 16:12:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 01:12:04 +0200 Subject: [SEC] [SA41960] monotone Empty Command Strings Denial of Service Message-ID: <201010252312.o9PNC4Nu032348@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: monotone Empty Command Strings Denial of Service SECUNIA ADVISORY ID: SA41960 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41960/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41960 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41960/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41960/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41960 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in monotone, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling commands, which can be exploited to trigger a fatal error and terminate a monotone server by e.g. sending an empty command string. Note: Successful exploitation requires permissions to execute remote commands. The vulnerability is reported in versions prior to 0.48.1. SOLUTION: Update to version 0.48.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.monotone.ca/NEWS OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 16:44:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 01:44:10 +0200 Subject: [SEC] [SA41970] Fedora update for ocsinventory-agent Message-ID: <201010252344.o9PNiAYG021360@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for ocsinventory-agent SECUNIA ADVISORY ID: SA41970 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41970/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41970 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41970/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41970/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41970 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ocsinventory-agent. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA35727 SOLUTION: Apply updated packages via the yum utility ("yum update ocsinventory-agent"). ORIGINAL ADVISORY: FEDORA-2010-16334: https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.fc12 FEDORA-2010-16335: https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.fc13 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 17:11:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 02:11:47 +0200 Subject: [SEC] [SA41974] IBM Tivoli Access Manager for e-business Cross-Site Scripting Vulnerabilities Message-ID: <201010260011.o9Q0Bldf010192@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Access Manager for e-business Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41974 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41974/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41974 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41974/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41974/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41974 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in IBM Tivoli Access Manager for e-business, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "parm1" parameter in ivt/ivtserver and the "method" parameter in ibm/wpm/acl, ibm/wpm/domain, ibm/wpm/group, ibm/wpm/gso, ibm/wpm/gsogroup, ibm/wpm/os, ibm/wpm/pop, ibm/wpm/rule, ibm/wpm/user, ibm/wpm/webseal is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply APAR IZ84918 or patch 6.1.0-TIV-TAM-FP0006 when it becomes available.. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IZ84918): http://www.ibm.com/support/docview.wss?uid=swg1IZ84918 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 17:44:11 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 02:44:11 +0200 Subject: [SEC] [SA41964] Blue Coat ProxyAV Cross-Site Request Forgery Vulnerability Message-ID: <201010260044.o9Q0iBMW031635@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Blue Coat ProxyAV Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41964 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41964/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41964 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41964/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41964/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41964 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Blue Coat ProxyAV, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrative password, change policies, or restart the appliance by tricking a logged in administrative user into visiting a malicious web site. The vulnerability is reported in versions prior to 3.2.6.1. SOLUTION: Update to version 3.2.6.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA46 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 18:09:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 03:09:37 +0200 Subject: [SEC] [SA41992] GetRight Insecure Library Loading Vulnerability Message-ID: <201010260109.o9Q19bK9020350@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: GetRight Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41992 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in GetRight, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. SvcTagLib.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a GRX or GETRIGHT file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 6.3e. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 18:23:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 03:23:04 +0200 Subject: [SEC] [SA41979] Jamb CMS Cross-Site Request Forgery Vulnerability Message-ID: <201010260123.o9Q1N4iA008543@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Jamb CMS Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA41979 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41979/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41979 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41979/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41979/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41979 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Jamb CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without properly verifying the requests. This can be exploited to e.g. change the contents of the web site by tricking an administrator into visiting a malicious web site while being logged in to the application. SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: stoke OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 18:44:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 03:44:18 +0200 Subject: [SEC] [SA41978] OTRS AgentTicketZoom Script Insertion Vulnerability Message-ID: <201010260144.o9Q1iIh3029473@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: OTRS AgentTicketZoom Script Insertion Vulnerability SECUNIA ADVISORY ID: SA41978 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41978/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41978 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41978/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41978/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41978 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OTRS, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed via HTML e-mails is not properly sanitised in AgentTicketZoom before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires that "RichText" is enabled. The vulnerability is reported in versions prior to 2.4.9. SOLUTION: Update to version 2.4.9. PROVIDED AND/OR DISCOVERED BY: The vendor credits Johan Schuyt. ORIGINAL ADVISORY: http://otrs.org/advisory/OSA-2010-03-en/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 19:14:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 04:14:45 +0200 Subject: [SEC] [SA41982] MinaliC Directory Traversal and Denial of Service Vulnerabilities Message-ID: <201010260214.o9Q2EjEU018917@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: MinaliC Directory Traversal and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41982 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41982/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41982 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41982/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41982/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41982 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: John Leitch has discovered two vulnerabilities in MinaliC, which can be exploited by malicious people to disclose sensitive information and cause a DoS (Denial of Service). 1) Input is not properly verified before being used to display files, which can be exploited to disclose the contents of arbitrary files via directory traversal attacks. 2) An off-by-one error when receiving data can be exploited to crash the process via a packet containing 2048 bytes. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only (e.g. via network access control lists). PROVIDED AND/OR DISCOVERED BY: John Leitch ORIGINAL ADVISORY: http://www.johnleitch.net/Vulnerabilities/MinaliC.Webserver.1.0.Denial.Of.Service/52 http://www.johnleitch.net/Vulnerabilities/MinaliC.Webserver.1.0.Directory.Traversal/53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Oct 25 19:44:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 04:44:35 +0200 Subject: [SEC] [SA41987] Wondershare DVD Slideshow Builder Insecure Library Loading Vulnerability Message-ID: <201010260244.o9Q2iZQ3007838@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Wondershare DVD Slideshow Builder Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41987 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41987/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41987 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41987/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41987/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41987 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Wondershare DVD Slideshow Builder, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. dwmapi.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a DSB file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 6.0.2. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: APA-IUTcert Vulnerability Analysis Team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 10:29:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 19:29:39 +0200 Subject: [SEC] [SA41994] Bristol LD_LIBRARY_PATH Security Issue Message-ID: <201010261729.o9QHTdHU002897@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Bristol LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA41994 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41994/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41994 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41994/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41994/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41994 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Bristol, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the startBristol script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. The security issue is reported in versions prior to 0.60.7. SOLUTION: Update to version 0.60.7. PROVIDED AND/OR DISCOVERED BY: Raphael Geissert ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598285 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 11:29:32 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 20:29:32 +0200 Subject: [SEC] [SA41995] Apache MyFaces Cryptographic Padding Oracle Information Disclosure Message-ID: <201010261829.o9QITWsW025584@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apache MyFaces Cryptographic Padding Oracle Information Disclosure SECUNIA ADVISORY ID: SA41995 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41995/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41995 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41995/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41995/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41995 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache MyFaces, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to improper error handling within MyFaces during cryptographic padding verification with certain algorithms. This can be exploited to decrypt data, e.g. the View State, via returned error codes from an affected server. This is related to: SA41409 The vulnerability is reported in versions prior to 1.1.8, 1.2.9, and 2.0.1. SOLUTION: Update to version 1.1.8, 1.2.9, or 2.0.1. PROVIDED AND/OR DISCOVERED BY: Juliano Rizzo and Thai Duong ORIGINAL ADVISORY: Apache MyFaces: https://issues.apache.org/jira/browse/MYFACES-2749 Juliano Rizzo and Thai Duong: http://media.blackhat.com/bh-eu-10/whitepapers/Duong_Rizzo/BlackHat-EU-2010-Duong-Rizzo-Padding-Oracle-wp.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 12:29:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 21:29:30 +0200 Subject: [SEC] [SA41962] TYPO3 powermail Extension Cross-Site Scripting Vulnerability Message-ID: <201010261929.o9QJTUpa015861@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TYPO3 powermail Extension Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41962 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41962 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41962/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41962/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41962 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the powermail extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.5.5. SOLUTION: Update to version 1.5.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jeremy Lebourdais. ORIGINAL ADVISORY: TYPO3-SA-2010-021: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-021/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 13:29:43 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 22:29:43 +0200 Subject: [SEC] [SA41950] Red Hat update for glibc Message-ID: <201010262029.o9QKTh1J006152@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for glibc SECUNIA ADVISORY ID: SA41950 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41950/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41950 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41950/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41950/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41950 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for glibc. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0793-1: https://rhn.redhat.com/errata/RHSA-2010-0793.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 14:23:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 23:23:27 +0200 Subject: [SEC] [SA41955] YUI Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201010262123.o9QLNRgi028556@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: YUI Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41955 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41955 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41955/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41955/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41955 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in YUI, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to build/charts/assets/charts.swf, build/uploader/assets/uploader.swf, and build/swfstore/swfstore.swf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions 2.4.0 through 2.8.1. SOLUTION: Update to version 2.8.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://yuilibrary.com/support/2.8.2/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 14:44:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 26 Oct 2010 23:44:28 +0200 Subject: [SEC] [SA41958] SUSE update for Multiple Packages Message-ID: <201010262144.o9QLiSIe017089@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for Multiple Packages SECUNIA ADVISORY ID: SA41958 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41958/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41958 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41958/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41958/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41958 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for multiple packages. This fixes multiple vulnerabilities, where some have an unknown impact and the others can be exploited by malicious, local users to manipulate certain data, conduct spoofing attacks, bypass certain security features, and gain escalated privileges and by malicious users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA34723 SA37291 SA39454 SA39762 SA39792 SA40586 SA40775 SA40908 SA41004 SA41048 SA41290 SA41298 SA41340 SA41354 SA41434 SA41435 SA41684 SA41692 SA41791 NOTE: Additionally, a security issue exists in festival which insecurely uses the LD_LIBRARY_PATH environment variable and can be exploited to execute arbitrary code e.g. by tricking a user into running festival_server. SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server. ORIGINAL ADVISORY: SUSE-SR:2010:019: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 15:14:49 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 00:14:49 +0200 Subject: [SEC] [SA41935] IBM Rational Quality Manager Tomcat Multiple Vulnerabilities Message-ID: <201010262214.o9QMEnOF006130@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM Rational Quality Manager Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41935 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41935/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41935 RELEASE DATE: 2010-10-26 DISCUSS ADVISORY: http://secunia.com/advisories/41935/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41935/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41935 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some vulnerabilities in IBM Rational Quality Manager, which can be exploited by malicious users to disclose sensitive information or manipulate certain data and by malicious people to cause a DoS (Denial of Service) or disclose sensitive information. The vulnerabilities are caused by use of a vulnerable version of Apache Tomcat. For more information: SA35326 SOLUTION: Update to version 2.0.1 or later. ORIGINAL ADVISORY: IBM: http://www-01.ibm.com/support/docview.wss?uid=swg24025919 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 15:46:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 00:46:04 +0200 Subject: [SEC] [SA41951] Red Hat update for kernel Message-ID: <201010262246.o9QMk4qi027515@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA41951 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41951/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41951 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41951/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41951/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41951 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to gain escalated privileges. The vulnerability is caused due to an error within the "rds_page_copy_user()" function, which can be exploited to execute arbitrary code with kernel privileges. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Dan Rosenberg, Virtual Security Research ORIGINAL ADVISORY: RHSA-2010-0792: https://rhn.redhat.com/errata/RHSA-2010-0792.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Oct 26 16:12:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 01:12:36 +0200 Subject: [SEC] [SA41997] VIPS LD_LIBRARY_PATH Security Issue Message-ID: <201010262312.o9QNCal8016310@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: VIPS LD_LIBRARY_PATH Security Issue SECUNIA ADVISORY ID: SA41997 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41997/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41997 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41997/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41997/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41997 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in VIPS, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the vips-7.22 script incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges e.g. by tricking a user into running the script in a directory containing a malicious library. The security issue is reported in versions prior to 7.22.3. SOLUTION: Update to version 7.22.3. PROVIDED AND/OR DISCOVERED BY: Raphael Geissert ORIGINAL ADVISORY: Raphael Geissert: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598296 VIPS: http://vips.svn.sourceforge.net/viewvc/vips/vips7/branches/vips-7.22/ChangeLog?view=markup OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 10:28:29 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 19:28:29 +0200 Subject: [SEC] [SA41977] Apple iOS Emergency Call Passcode Lock Security Bypass Weakness Message-ID: <201010271728.o9RHSTNn021402@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS Emergency Call Passcode Lock Security Bypass Weakness SECUNIA ADVISORY ID: SA41977 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41977/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41977 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41977/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41977/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41977 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Apple iPhone OS, which can be exploited by malicious people with physical access to the device to bypass certain security features. The weakness is caused due to an error in the handling of emergency calls, which can be exploited to bypass the "Passcode Lock" feature and allows e.g. accessing the "Phone" application without a valid passcode. The weakness is confirmed in iOS 4.1 running on iPhone 3 and 4. Other versions may also be affected. SOLUTION: There's currently no known workaround. PROVIDED AND/OR DISCOVERED BY: jordand321 ORIGINAL ADVISORY: http://forums.macrumors.com/showpost.php?p=11283481&postcount=1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 11:28:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 20:28:26 +0200 Subject: [SEC] [SA41938] mpg123 "utf8_ascii()" String Handling Vulnerability Message-ID: <201010271828.o9RISQXq011672@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: mpg123 "utf8_ascii()" String Handling Vulnerability SECUNIA ADVISORY ID: SA41938 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41938/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41938 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41938/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41938/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41938 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in mpg123, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "utf8_ascii()" function in src/metaprint.c and can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into playing a specially crafted MP3 file. Successful exploitation requires a non-UTF-8 system. NOTE: Secunia normally does not classify client crashes as a vulnerability nor issue an advisory about it. However, the potential impact of this issue may be more severe than currently believed. The vulnerability is confirmed in version 1.12.4. SOLUTION: Update to version 1.12.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jakub Bogusz. ORIGINAL ADVISORY: http://www.mpg123.de/cgi-bin/news.cgi OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 12:29:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 21:29:22 +0200 Subject: [SEC] [SA41973] Energine "NRGNSID" Cookie SQL Injection Vulnerability Message-ID: <201010271929.o9RJTMbx001929@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Energine "NRGNSID" Cookie SQL Injection Vulnerability SECUNIA ADVISORY ID: SA41973 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41973/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41973 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41973/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41973/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41973 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in Energine, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "NRGNSID" cookie to e.g. index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 2.3.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: High-Tech Bridge SA (HTB22655): http://www.htbridge.ch/advisory/sql_injection_in_energine.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 13:29:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 22:29:28 +0200 Subject: [SEC] [SA41933] NinkoBB Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201010272029.o9RKTSmu024670@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NinkoBB Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA41933 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41933/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41933 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41933/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41933/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41933 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in NinkoBB, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "first_name", "last_name", "msn", and "aim" POST parameters to users.php (when "a" is set to "profile") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.3RC5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22652: http://www.htbridge.ch/advisory/xss_in_ninkobb.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 14:23:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 23:23:23 +0200 Subject: [SEC] [SA41959] Symantec IM Manager Multiple SQL Injection Vulnerabilities Message-ID: <201010272123.o9RLNNxP014677@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Symantec IM Manager Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA41959 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41959/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41959 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41959/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41959/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41959 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Symantec IM Manager, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 8.4.16. SOLUTION: Update to version 8.4.16. PROVIDED AND/OR DISCOVERED BY: The vendor credits Andrea Micalizzi via ZDI. ORIGINAL ADVISORY: SYM10-010: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20101027_01 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 14:44:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 27 Oct 2010 23:44:10 +0200 Subject: [SEC] [SA41963] DZCP "language" File Inclusion Vulnerability Message-ID: <201010272144.o9RLiALf003172@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: DZCP "language" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA41963 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41963/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41963 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41963/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41963/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41963 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in DZCP, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "language" cookie parameter in inc/bbcode.php is not properly verified before being used to include files. This can be exploited to include arbitrary PHP files from local resources via directory traversal attacks. The vulnerability is confirmed in version 1.5.4 and 1.5.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB22656: http://www.htbridge.ch/advisory/lfi_in_dzcp.html DZCP: http://www.dzcp.de/inc/tinymce_files/Downloads/changelog_1.5.5.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 15:14:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 00:14:26 +0200 Subject: [SEC] [SA41953] Fujitsu Interstage Products Host Header Buffer Overflow Vulnerabilities Message-ID: <201010272214.o9RMEQvR024636@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products Host Header Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA41953 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41953/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41953 RELEASE DATE: 2010-10-27 DISCUSS ADVISORY: http://secunia.com/advisories/41953/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41953/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41953 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in various Fujitsu Interstage products, which can be exploited by malicious people to compromise a vulnerable system The vulnerabilities are caused due to boundary errors in the Servlet Service when handling "Host" headers. This can be exploited to cause stack-based buffer overflows via an overly long "Host" header field. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Originally reported in the mod_jk2 module for Apache by IOActive Labs. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201004e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 15:46:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 00:46:18 +0200 Subject: [SEC] [SA41999] HP Insight Dynamics - VSE File Disclosure Vulnerability Message-ID: <201010272246.o9RMkIbt013648@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Dynamics - VSE File Disclosure Vulnerability SECUNIA ADVISORY ID: SA41999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41999 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Insight Dynamics - VSE, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to disclose the contents of arbitrary files. No further information is currently available. The vulnerability is reported in versions prior to 6.2. SOLUTION: Update to version 6.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02599 SSRT100235: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02563225 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 16:12:26 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 01:12:26 +0200 Subject: [SEC] [SA41957] Mozilla Firefox Unspecified Code Execution Vulnerability Message-ID: <201010272312.o9RNCQIV002368@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA41957 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41957/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41957 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41957/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41957/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41957 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code by tricking a user into visiting a specially crafted site. NOTE: The vulnerability is currently being actively exploited. SOLUTION: Reportedly, disabling JavaScript or using the "NoScript" addon prevents successful exploitation. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. The vendor also credits Morten Kr?kvik, Telenor SOC. ORIGINAL ADVISORY: Mozilla: http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/ Norman ASA: http://norman.com/about_norman/press_center/news_archive/2010/129223/en OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 16:44:27 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 01:44:27 +0200 Subject: [SEC] [SA41993] IBM WebSphere MQ Certificate Spoofing Vulnerability Message-ID: <201010272344.o9RNiR9I023835@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM WebSphere MQ Certificate Spoofing Vulnerability SECUNIA ADVISORY ID: SA41993 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41993/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41993 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41993/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41993/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41993 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere MQ, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to an error when handling the Subject Distinguished Name (DN) values in a X.509 Certificate and can be exploited to spoof an identity and access channel messages. The vulnerability is reported in versions prior to 6.0.2.10 and prior to 7.0.1.3. SOLUTION: Apply APAR IZ68707 or update to version 6.0.2.10 and 7.0.1.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM X-Force: http://xforce.iss.net/xforce/xfdb/60018 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 17:12:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 02:12:34 +0200 Subject: [SEC] [SA41998] HP Version Control Repository Manager Cross-Site Scripting Vulnerability Message-ID: <201010280012.o9S0CYGS012695@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Version Control Repository Manager Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41998 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41998/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41998 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41998/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41998/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41998 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Version Control Repository Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.2.0.860. SOLUTION: Update to version 6.2.0.860. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02597 SSRT100198: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02560536 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 17:44:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 02:44:19 +0200 Subject: [SEC] [SA41983] HP Operations Orchestration Cross-Site Scripting Vulnerability Message-ID: <201010280044.o9S0iJCK001639@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Operations Orchestration Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA41983 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41983/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41983 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41983/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41983/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41983 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Operations Orchestration, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 9.0. SOLUTION: Upgrade to version 9.0 (contact HP Support for update information). PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Schratt, WienIT. ORIGINAL ADVISORY: HPSBMA02588 SSRT100001: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02541822 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 18:09:22 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 03:09:22 +0200 Subject: [SEC] [SA41956] CometBird Multiple Vulnerabilities Message-ID: <201010280109.o9S19Mbu022804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CometBird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41956 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41956/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41956 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41956/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41956/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41956 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in CometBird, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41244 SOLUTION: Update to version 3.6.11. ORIGINAL ADVISORY: http://www.cometforums.com/forum-70/announcement-17-new-cometbird-version-3611-has-been-released/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Oct 27 18:23:59 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 03:23:59 +0200 Subject: [SEC] [SA42000] HP Insight Control Multiple Vulnerabilities Message-ID: <201010280123.o9S1Nxlk011044@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Control Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42000 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42000/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42000 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/42000/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42000/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42000 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP Insight Control, which can be exploited by malicious users to gain escalated privileges and by malicious people to conduct cross-site scripting and cross-site request forgery attacks, cause a DoS (Denial of Service), and bypass certain security restrictions. 1) Input is not properly sanitised in the Virtual Machine Management component before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error in the Virtual Machine Management component can be exploited to cause a DoS. 3) The Virtual Machine Management component allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform an unspecified action if a logged-in user visits a malicious web site. 4) Input is not properly sanitised in the Server Migration component before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) An error in the Server Migration component can be exploited by authenticated users to escalate privileges. 6) An error in the Server Migration component can be exploited to gain unauthorized access. 7) Input is not properly sanitised in the Power Management component before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 8) The Power Management component allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform an unspecified action if a logged-in user visits a malicious web site. The vulnerabilities are reported in versions prior to 6.2. SOLUTION: Update to version 6.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02598 SSRT100314: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02560655 HPSBMA02601 SSRT100316: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02563279 HPSBMA02603 SSRT100319: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02564294 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 10:29:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 19:29:42 +0200 Subject: [SEC] [SA42014] TeamSpeak Client Voice Packet Processing Vulnerability Message-ID: <201010281729.o9SHTg44005243@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TeamSpeak Client Voice Packet Processing Vulnerability SECUNIA ADVISORY ID: SA42014 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42014/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42014 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/42014/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42014/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42014 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Jokaim has discovered a vulnerability in TeamSpeak Client, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing certain packets and can be exploited to corrupt memory by e.g. sending a specially crafted TS2T_VOICE_DATA_CELP_WINDOWS_5_2 packet. The vulnerability is confirmed in version 2.0.32.60 for Windows. Other versions may also be affected. SOLUTION: Update to version 2.0.33.7, which appears to be unaffected. Reportedly also fixed in the latest TeamSpeak 3.x version. PROVIDED AND/OR DISCOVERED BY: Jokaim, nSense. ORIGINAL ADVISORY: nSense: http://www.nsense.fi/advisories/nsense_2010_002.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 11:29:35 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 20:29:35 +0200 Subject: [SEC] [SA42001] SUSE update for kernel Message-ID: <201010281829.o9SITZdT027927@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA42001 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42001/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42001 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/42001/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42001/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42001 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41693 1) An error exists within the "rds_page_copy_user()" function, which can be exploited to execute arbitrary code with kernel privileges. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Dan Rosenberg ORIGINAL ADVISORY: SUSE-SA:2010:053: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 12:29:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 21:29:18 +0200 Subject: [SEC] [SA42002] SUSE update for glibc Message-ID: <201010281929.o9SJTIi9018204@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SUSE update for glibc SECUNIA ADVISORY ID: SA42002 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42002/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42002 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/42002/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42002/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42002 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for glibc. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to potentially compromise a vulnerable system. For more information: SA41795 1) Integer overflows in the libc "strfmon()" function can be exploited to cause a crash or potentially execute arbitrary code via specially crafted format specifiers. 2) The "addmntent()" function does not correctly handle newlines characters. This can be exploited to e.g. cause a DoS or gain escalated privileges, but requires that an attacker can inject newline characters into a mount entry (e.g. via vulnerable mount helpers) 3) The security issue is caused due to the "getpwnam()" function leaking encrypted passwords from the passwd.adjunct.byname map. 4) A signedness error when processing certain ELF headers can be exploited to e.g. execute arbitrary code via a specially crafted ELF file. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Maksymilian Arciemowicz 2) Dan Rosenberg and Jeff Layton 3) Christoph Pleger 4) Dan Rosenberg ORIGINAL ADVISORY: SUSE-SA:2010:052: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 13:29:39 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 22:29:39 +0200 Subject: [SEC] [SA41965] Red Hat update for seamonkey Message-ID: <201010282029.o9SKTdok008505@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for seamonkey SECUNIA ADVISORY ID: SA41965 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41965/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41965 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41965/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41965/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41965 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for seamonkey. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41957 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0810-1: http://rhn.redhat.com/errata/RHSA-2010-0810.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 14:24:03 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 23:24:03 +0200 Subject: [SEC] [SA41976] FrontAccounting Two SQL Injection Vulnerabilities Message-ID: <201010282124.o9SLO3VV030929@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: FrontAccounting Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA41976 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41976/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41976 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/41976/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41976/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41976 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in FrontAccounting, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "Memo" and "Ref" parameters to gl/inquiry/journal_inquiry is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 2.2.11. Other versions may also be affected. SOLUTION: Fixed in version 2.3 RC3. PROVIDED AND/OR DISCOVERED BY: The vendor credits CybSec. ORIGINAL ADVISORY: http://frontaccounting.com/wb3/pages/posts/release-2.3-rc3157.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 14:44:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 28 Oct 2010 23:44:25 +0200 Subject: [SEC] [SA42007] n2 n2view Authentication Bypass Vulnerability Message-ID: <201010282144.o9SLiPsv019439@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: n2 n2view Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA42007 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42007/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42007 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/42007/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42007/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42007 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in n2, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in n2view when processing logins, which can be exploited to bypass the authentication via an empty "username" parameter. The vulnerability is reported in versions prior to 1.0.3. SOLUTION: Update to version 1.0.3 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Peter Touw. ORIGINAL ADVISORY: http://opensource.xlshosting.com/n2/changelog.html#1.0.3 http://opensource.xlshosting.com/hg/n2view/rev/917f52f4bb14 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 15:14:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 00:14:04 +0200 Subject: [SEC] [SA42016] Fedora update for subversion Message-ID: <201010282214.o9SME4pq008444@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for subversion SECUNIA ADVISORY ID: SA42016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42016 RELEASE DATE: 2010-10-28 DISCUSS ADVISORY: http://secunia.com/advisories/42016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for subversion. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA41652 SOLUTION: Apply updated packages via the yum utility ("yum update subversion"). ORIGINAL ADVISORY: FEDORA-2010-16115: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049898.html FEDORA-2010-16136: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049883.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 15:46:13 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 00:46:13 +0200 Subject: [SEC] [SA41969] Red Hat update for firefox Message-ID: <201010282246.o9SMkDUF029876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for firefox SECUNIA ADVISORY ID: SA41969 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41969/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41969 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41969/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41969/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41969 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41957 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0808-1: http://rhn.redhat.com/errata/RHSA-2010-0808.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 16:11:58 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 01:11:58 +0200 Subject: [SEC] [SA42024] Spring Security Constraints Security Bypass Vulnerability Message-ID: <201010282311.o9SNBwYJ018640@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Spring Security Constraints Security Bypass Vulnerability SECUNIA ADVISORY ID: SA42024 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42024/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42024 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42024/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42024/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42024 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Spring Security, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when processing security constraints and can be exploited to bypass some constraints by adding certain URL path parameters to a request. The vulnerability is reported in versions 2.0.0 through 2.0.5 and 3.0.0 through 3.0.3. SOLUTION: Update to version 2.0.6 and 3.0.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ed Schaller. ORIGINAL ADVISORY: http://www.springsource.com/security/cve-2010-3700 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 16:44:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 01:44:40 +0200 Subject: [SEC] [SA42029] ENOVIA Unspecified Vulnerability Message-ID: <201010282344.o9SNiePV007697@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: ENOVIA Unspecified Vulnerability SECUNIA ADVISORY ID: SA42029 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42029/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42029 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42029/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42029/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42029 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in ENOVIA. The vulnerability is caused due to an unknown error. No further information is currently available. SOLUTION: Apply APAR HE01296. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg1HE01296 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 17:12:12 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 02:12:12 +0200 Subject: [SEC] [SA41761] Ubuntu update for firefox Message-ID: <201010290012.o9T0CCm8028913@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox SECUNIA ADVISORY ID: SA41761 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41761/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41761 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41761/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41761/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41761 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for firefox. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41957 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1011-1: http://www.ubuntu.com/usn/usn-1011-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 17:44:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 02:44:36 +0200 Subject: [SEC] [SA41966] Red Hat update for xulrunner Message-ID: <201010290044.o9T0ia7b017959@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for xulrunner SECUNIA ADVISORY ID: SA41966 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41966/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41966 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41966/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41966/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41966 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41957 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0809-1: https://rhn.redhat.com/errata/RHSA-2010-0809.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 18:10:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 03:10:41 +0200 Subject: [SEC] [SA41984] Microsoft Windows Environment Variable Expansion Library Loading Vulnerability Message-ID: <201010290110.o9T1Afk7006726@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Environment Variable Expansion Library Loading Vulnerability SECUNIA ADVISORY ID: SA41984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41984 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to Windows not properly expanding certain values in environment variables (e.g. "%APPDATA%" in the "PATH" environment variable), leading to the unexpanded value being used as relative search path when loading resources. This can be exploited to load arbitrary resources by tricking a user into opening a file located on a remote WebDAV or SMB share with certain applications. Successful exploitation allows execution of arbitrary code. Currently, known applications presenting valid attack vectors are e.g. Apple iTunes and Safari. The vulnerability is confirmed in a fully patched Windows XP Professional SP3 and is also reported in Windows Vista Business, and Windows 7 Professional. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Known, documented bug in Windows. Security impact reported by ACROS Security. ORIGINAL ADVISORY: Windows KB32908: http://support.microsoft.com/kb/329308 ACROS Security: http://blog.acrossecurity.com/2010/10/breaking-setdlldirectory-protection.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 18:44:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 03:44:57 +0200 Subject: [SEC] [SA42022] HP Storage Essentials LDAP Authentication Security Bypass Vulnerability Message-ID: <201010290144.o9T1ivEJ028247@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Storage Essentials LDAP Authentication Security Bypass Vulnerability SECUNIA ADVISORY ID: SA42022 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42022/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42022 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42022/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42022/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42022 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Storage Essentials, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error when using LDAP authentication, which can be exploited to gain unauthenticated access. No further information is currently available. The vulnerability is reported in HP Storage Essentials running on Windows, Linux, and Solaris versions 5.1.x, 6.0.x, 6.1.x, and 6.2.x. SOLUTION: Update or upgrade to HP Storage Essentials version 6.3.0 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBST02595 SSRT1000303: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02552030 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 19:12:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 04:12:30 +0200 Subject: [SEC] [SA41917] Adobe Flash Player Unspecified Code Execution Vulnerability Message-ID: <201010290212.o9T2CUcp017567@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA41917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41917 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code. The vulnerability is confirmed in version 10.1.85.3 running on a fully patched Windows XP Professional SP3. Other versions may also be affected. NOTE: The vulnerability is currently being actively exploited. SOLUTION: Adobe plans to release a fixed version on November 9, 2010. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html Mila Parkour: http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 19:43:30 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 04:43:30 +0200 Subject: [SEC] [SA41967] Red Hat update for java-1.5.0-ibm Message-ID: <201010290243.o9T2hUtT006536@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.5.0-ibm SECUNIA ADVISORY ID: SA41967 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41967/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41967 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41967/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41967/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41967 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0807-1: https://rhn.redhat.com/errata/RHSA-2010-0807.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 19:55:38 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 04:55:38 +0200 Subject: [SEC] [SA42028] IBM HTTP Server "mod_dav" Denial of Service Vulnerability Message-ID: <201010290255.o9T2tcuK027063@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM HTTP Server "mod_dav" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA42028 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42028/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42028 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42028/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42028/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42028 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #3: SA40206 SOLUTION: Apply APAR PM18904 or update to version 6.0.2.43 and 6.1.0.35 when it becomes available. ORIGINAL ADVISORY: IBM (PM18904): http://www.ibm.com/support/docview.wss?uid=swg1PM18904 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 20:08:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 05:08:47 +0200 Subject: [SEC] [SA42015] Fedora update for apr-util Message-ID: <201010290308.o9T38lkD015249@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for apr-util SECUNIA ADVISORY ID: SA42015 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42015/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42015 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42015/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42015/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42015 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for apr-util. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA41701 SOLUTION: Apply updated packages using the yum utility ("yum update apr-util"). ORIGINAL ADVISORY: FEDORA-2010-15916: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html FEDORA-2010-15953: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 20:22:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 05:22:28 +0200 Subject: [SEC] [SA42018] Fedora update for sepostgresql Message-ID: <201010290322.o9T3MSZC003433@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for sepostgresql SECUNIA ADVISORY ID: SA42018 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42018 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42018/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42018/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42018 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for sepostgresql. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to perform certain actions with escalated privileges, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA39845 SA41692 SOLUTION: Apply updated packages using the yum utility ("yum update sepostgresql"). ORIGINAL ADVISORY: FEDORA-2010-16004: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049851.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 20:43:20 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 05:43:20 +0200 Subject: [SEC] [SA41975] Mozilla Thunderbird "document.write()" and DOM Insertion Vulnerability Message-ID: <201010290343.o9T3hKPt024365@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird "document.write()" and DOM Insertion Vulnerability SECUNIA ADVISORY ID: SA41975 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41975/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41975 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41975/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41975/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41975 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system. For more information: SA41957 NOTE: Reportedly, this can't be exploited via malicious emails. However, RSS feeds if JavaScript is enabled or add-ons providing browser-like functionality could be used as attack vector. SOLUTION: Update to version 3.0.10 and 3.1.6. ORIGINAL ADVISORY: Mozilla: http://www.mozilla.org/security/announce/2010/mfsa2010-73.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 20:55:16 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 05:55:16 +0200 Subject: [SEC] [SA42027] IBM HTTP Server Information Disclosure and Denial of Service Vulnerabilities Message-ID: <201010290355.o9T3tGNX012491@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM HTTP Server Information Disclosure and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA42027 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42027/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42027 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42027/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42027/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42027 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). For more information see vulnerabilities #1 and #3: SA40206 SOLUTION: Apply APARs PM16366 and PM18904 or update to Fix Pack 13 (7.0.0.13). ORIGINAL ADVISORY: IBM (PM16366, PM18904): http://www.ibm.com/support/docview.wss?uid=swg1PM16366 http://www.ibm.com/support/docview.wss?uid=swg1PM18904 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 21:08:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 06:08:57 +0200 Subject: [SEC] [SA42013] AlstraSoft E-Friends Local File Inclusion and Arbitrary File Upload Vulnerabilities Message-ID: <201010290408.o9T48vRO000624@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: AlstraSoft E-Friends Local File Inclusion and Arbitrary File Upload Vulnerabilities SECUNIA ADVISORY ID: SA42013 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42013/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42013 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42013/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42013/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42013 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Salvatore Fresta has reported some vulnerabilities in AlstraSoft E-Friends, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose sensitive information. 1) Input passed to the "lang" parameter in chat/updatePage.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. 2) The application allows upload of files with arbitrary extensions to a folder inside the webroot while adding files to a group. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code. SOLUTION: Edit the source code to ensure that input is properly verified. Restrict access to the "groups" folder (e.g. via .htaccess) PROVIDED AND/OR DISCOVERED BY: Salvatore Fresta aka Drosophila ORIGINAL ADVISORY: http://adv.salvatorefresta.net/AlstraSoft_E-Friends_4.96_Multiple_Remote_Vulnerabilities-27102010.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 21:23:19 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 06:23:19 +0200 Subject: [SEC] [SA42011] CiscoWorks Common Services Buffer Overflow Vulnerability Message-ID: <201010290423.o9T4NJ1h021326@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CiscoWorks Common Services Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA42011 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42011/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42011 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42011/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42011/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42011 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error when processing certain packets and can be exploited to cause a buffer overflow via a specially crafted packet sent to certain TCP ports (e.g. 443 or 1741). The vulnerability is reported in CiscoWorks Common Services versions 3.0.5, 3.1, 3.1.1, and 3.3.0 for Windows and Solaris. Please see the vendor's advisory for a complete list of products that are affected by this vulnerability. SOLUTION: Upgrade to Common Services version 4.0 or apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco: http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 21:43:36 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 06:43:36 +0200 Subject: [SEC] [SA40590] Weborf HTTP Request Processing Denial of Service Vulnerability Message-ID: <201010290443.o9T4ha7u009817@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Weborf HTTP Request Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA40590 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40590/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40590 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/40590/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40590/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40590 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Weborf, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain HTTP requests, which can be exploited to crash the server by sending specially crafted HTTP requests. The vulnerability is reported in versions prior to 0.12.4. SOLUTION: Update to version 0.12.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michel Arboi. ORIGINAL ADVISORY: http://galileo.dmi.unict.it/wiki/weborf/doku.php?id=news:released_0.12.4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 21:56:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 06:56:05 +0200 Subject: [SEC] [SA42020] Fedora update for nss, nss-util, and nss-softokn Message-ID: <201010290456.o9T4u5K6030360@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for nss, nss-util, and nss-softokn SECUNIA ADVISORY ID: SA42020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42020 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for nss, nss-util, and nss-softokn. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA41244 SOLUTION: Apply updated packages using the yum utility ("yum update nss nss-util nss-softokn"). ORIGINAL ADVISORY: FEDORA-2010-15520: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049760.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049761.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049762.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Oct 28 22:08:50 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 07:08:50 +0200 Subject: [SEC] [SA41952] Drupal Watcher Module Multiple Vulnerabilities Message-ID: <201010290508.o9T58oTM018512@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Drupal Watcher Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA41952 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41952/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41952 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41952/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41952/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41952 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Watcher module for Drupal, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. perform the subscribe and unsubscribe actions by tricking a user into visiting a malicious web site while being logged-in to the application. The vulnerabilities are reported in versions prior to 5.x-1.7 and 6.x-1.4. SOLUTION: Update to version 5.x-1.7 or later or version 6.x-1.4 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ivo Van Geertruyen, Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2010-101: http://drupal.org/node/955282 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 10:29:28 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 19:29:28 +0200 Subject: [SEC] [SA42044] Asset UPnP Buffer Overflow Vulnerabilities Message-ID: <201010291729.o9THTSAU007059@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Asset UPnP Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42044 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42044/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42044 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42044/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42044/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42044 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Asset UPnP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to the use of a vulnerable version of Platinum UPnP. For more information, see vulnerabilities #1 and #4 in: SA42033 The vulnerabilities are confirmed in Asset UPnP for Windows XP release 3. Other versions may also be affected. SOLUTION: Restrict access to trusted computers. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15346/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 11:29:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 20:29:37 +0200 Subject: [SEC] [SA42034] XBMC Buffer Overflow Vulnerabilities Message-ID: <201010291829.o9TITbxA029754@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: XBMC Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA42034 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42034/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42034 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42034/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42034/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42034 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in XBMC, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to the use of a vulnerable version of the Platinum UPnP library. For more information: SA42033 SOLUTION: Restrict network access to trusted computers. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15347/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 12:30:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 21:30:40 +0200 Subject: [SEC] [SA42033] Platinum UPnP Multiple Vulnerabilities Message-ID: <201010291930.o9TJUejP020085@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Platinum UPnP Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42033 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42033/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42033 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42033/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42033/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42033 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in Platinum UPnP, which can be exploited by malicious people to compromise an application using the library. 1) A boundary error within the "PLT_DeviceHost::ProcessHttpPostRequest()" function can be exploited to cause a stack-based buffer overflow by sending a specially crafted HTTP POST request containing on overly long "SOAPAction" header. 2) A boundary error within the "PLT_CtrlPoint::ProcessSsdpSearchResponse()" function can be exploited to cause a stack-based buffer overflow by sending a specially crafted SSDP search response. 3) A boundary error within the "PLT_CtrlPoint::ProcessSsdpNotify()" function can be exploited to cause a stack-based buffer overflow by sending a specially crafted SSDP notify response. 4) A boundary error within the "PLT_HttpHelper::GetRange()" function can be exploited to cause a stack-based buffer overflow by sending a specially crafted HTTP request. 5) A boundary error within the "PLT_HttpHelper::GetContentRange()" function can be exploited to cause a stack-based buffer overflow by sending a specially crafted HTTP request. The vulnerabilities are confirmed in version 0.6.0. Other versions may also be affected. SOLUTION: Update to version 0.6.1. PROVIDED AND/OR DISCOVERED BY: 1) Carl Cope 2, 3) Reported by the vendor. 4, 5) Silently fixed by the vendor. ORIGINAL ADVISORY: Platinum UPnP: http://sourceforge.net/projects/platinum/files//platinum/0.6.1/CHANGELOG.txt/view 1) http://www.exploit-db.com/exploits/15346/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 13:29:45 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 22:29:45 +0200 Subject: [SEC] [SA41986] Microsoft Windows DAO 3.6 Object Library Insecure Library Loading Vulnerability Message-ID: <201010292029.o9TKTj2Q010342@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Microsoft Windows DAO 3.6 Object Library Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA41986 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41986/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41986 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41986/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41986/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41986 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the Data Access Objects library (dao360.dll) loading libraries (e.g. msjet49.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share via an application using the library. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in fully patched versions of Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 14:23:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 23:23:47 +0200 Subject: [SEC] [SA42039] Active! mail HTTP Header Injection Vulnerability Message-ID: <201010292123.o9TLNlXv032767@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Active! mail HTTP Header Injection Vulnerability SECUNIA ADVISORY ID: SA42039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42039 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Active! mail, which can be exploited by malicious people to conduct HTTP header injection attacks. The vulnerability is caused due to the application not properly sanitising certain parameters before using them in HTTP responses. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site. The vulnerability is reported in versions 6.40.010047750 and prior. SOLUTION: Update to version 6.40.02004975. PROVIDED AND/OR DISCOVERED BY: JVN credits Taketo Ikeuchi, Hitachi Solutions. ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN72541530/index.html http://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000050.html TransWARE: http://www.transware.co.jp/security/am0610001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 14:45:04 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 29 Oct 2010 23:45:04 +0200 Subject: [SEC] [SA41079] CVS Delta Fragment Array Indexing Vulnerability Message-ID: <201010292145.o9TLj4f5021304@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: CVS Delta Fragment Array Indexing Vulnerability SECUNIA ADVISORY ID: SA41079 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41079 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/41079/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41079/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41079 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CVS, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an array-indexing error in the "apply_rcs_change()" function in ccvs/src/rcs.c while processing delta fragment changes from a file in RCS (Revision Control System) format. This can be exploited to cause a heap-based buffer overflow by tricking a user to checkout a specially crafted file. The vulnerability is reported in version 1.11.23. Other versions may also be affected. SOLUTION: Fixed in the CVS repository. PROVIDED AND/OR DISCOVERED BY: Red Hat credits Ralph Loader ORIGINAL ADVISORY: CVS: http://cvs.savannah.gnu.org/viewvc/cvs/ccvs/src/rcs.c?r1=1.262.4.65&r2=1.262.4.66&sortby=rev Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=642146 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 15:14:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 00:14:57 +0200 Subject: [SEC] [SA42017] IBM OS/400 HTTP Server Denial of Service Vulnerabilities Message-ID: <201010292214.o9TMEvD6010332@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IBM OS/400 HTTP Server Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA42017 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42017/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42017 RELEASE DATE: 2010-10-29 DISCUSS ADVISORY: http://secunia.com/advisories/42017/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42017/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42017 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a weakness and a vulnerability in OS/400, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA35781 SA41701 SOLUTION: Apply APAR SE45571. ORIGINAL ADVISORY: IBM (SE45571): http://www-01.ibm.com/support/docview.wss?uid=nas27c806e4fd5f0f1dd862577cb003c98b9 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 15:46:15 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 00:46:15 +0200 Subject: [SEC] [SA42041] Fedora update for cvs Message-ID: <201010292246.o9TMkFO8031730@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for cvs SECUNIA ADVISORY ID: SA42041 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42041/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42041 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42041/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42041/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42041 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for cvs. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41079 SOLUTION: Apply updated packages via the yum utility ("yum update cvs"). ORIGINAL ADVISORY: FEDORA-2010-16600: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050090.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 16:13:05 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 01:13:05 +0200 Subject: [SEC] [SA41712] 4images Cross-Site Scripting and Request Forgery Vulnerabilities Message-ID: <201010292313.o9TND5Be020530@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: 4images Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA41712 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41712/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41712 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/41712/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41712/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41712 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in 4images, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Input appended to the URL after e.g. admin/plugins/migrate_keywords.php or admin/plugins/clear_cache.php is not properly sanitised in the "show_form_header()" function in admin/admin_functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an arbitrary group or add an administrative user by tricking a logged in administrative user into visiting a malicious web site. The vulnerabilities are confirmed in version 1.7.8. Other versions may also be affected. SOLUTION: The vendor recommends to edit the source code. Please see the vendor's advisory for more details. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 1) Secunia Research 2) Russ McRee via Secunia ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2010-125/ 4images: http://www.4homepages.de/forum/index.php?topic=28167.0 http://www.4homepages.de/forum/index.php?topic=28168.0 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 16:44:46 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 01:44:46 +0200 Subject: [SEC] [SA42038] HP Insight Managed System Setup Wizard File Disclosure Vulnerability Message-ID: <201010292344.o9TNikvR009550@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Managed System Setup Wizard File Disclosure Vulnerability SECUNIA ADVISORY ID: SA42038 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42038/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42038 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42038/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42038/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42038 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Insight Managed System Setup Wizard, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error and can be exploited to download arbitrary files. The vulnerability is reported in versions prior to 6.2. SOLUTION: Update to version 6.2 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02605 SSRT100238: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573176 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 17:12:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 02:12:07 +0200 Subject: [SEC] [SA42040] HP Insight Control for Linux Cross Site Request Forgery Vulnerability Message-ID: <201010300012.o9U0C7Uh030763@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Control for Linux Cross Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA42040 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42040/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42040 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42040/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42040/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42040 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Insight Control for Linux, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform an unspecified action if a logged-in user visits a malicious web site. The vulnerability is reported in versions prior to 6.2. SOLUTION: Update to version 6.2 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02607 SSRT100214: http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573692 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 17:44:57 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 02:44:57 +0200 Subject: [SEC] [SA42005] IP.Board Personal Conversation Disclosure Vulnerability Message-ID: <201010300044.o9U0ivCP019840@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: IP.Board Personal Conversation Disclosure Vulnerability SECUNIA ADVISORY ID: SA42005 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42005/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42005 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42005/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42005/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42005 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IP.Board, which can be exploited by malicious users to disclose sensitive information. The vulnerability is caused due to an error in the personal conversations system, which can be exploited to disclose personal conversations of other users via the conversation IDs. The vulnerability is reported in versions 3.1.3 and prior. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://community.invisionpower.com/topic/323970-ipboard-30x-31x-security-patch-released/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 18:09:48 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 03:09:48 +0200 Subject: [SEC] [SA41644] SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control Buffer Overflow Message-ID: <201010300109.o9U19mhl008539@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA41644 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41644/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41644 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/41644/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41644/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41644 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "Aventail.EPInstaller" ActiveX control when handling the "Install3rdPartyComponent()" method. This can be exploited to cause a stack-based buffer overflow via specially crafted "CabURL" and "Location" arguments. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 10.5.1.117. Other versions may also be affected. SOLUTION: Update to version 10.5.2 and apply hotfix 3 for version 10.0.5. PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: SonicWALL: http://software.sonicwall.com/Aventail/KB/hotfix/10.0.5/clt-hotfix-10_0_5-003.txt Secunia Research: http://secunia.com/secunia_research/2010-117/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 18:23:44 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 03:23:44 +0200 Subject: [SEC] [SA42032] TFT Gallery "adminlangfile" Local File Inclusion Vulnerability Message-ID: <201010300123.o9U1NiGB029152@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: TFT Gallery "adminlangfile" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA42032 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42032/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42032 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42032/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42032/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42032 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TFT Gallery, which can be exploited by malicious people to disclose sensitive information. Input passed via the "adminlangfile" parameter to admin/thumbnailformpost.inc.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences. Successful exploitation of this vulnerability requires that "register_globals" is enabled. The vulnerability is confirmed in version 0.13.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Havok OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 18:44:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 03:44:42 +0200 Subject: [SEC] [SA42009] Red Hat update for cups Message-ID: <201010300144.o9U1igVW017666@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for cups SECUNIA ADVISORY ID: SA42009 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42009/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42009 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42009/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42009/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42009 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA40165 SA41706 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010-0811: https://rhn.redhat.com/errata/RHSA-2010-0811.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 19:15:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 04:15:37 +0200 Subject: [SEC] [SA42042] Fedora update for glibc Message-ID: <201010300215.o9U2FbnW007142@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for glibc SECUNIA ADVISORY ID: SA42042 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42042/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42042 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42042/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42042/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42042 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for glibc. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA41795 SOLUTION: Apply updated packages using the yum utility ("yum update glibc"). ORIGINAL ADVISORY: FEDORA-2010-16655: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050087.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 19:45:02 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 04:45:02 +0200 Subject: [SEC] [SA41968] Python smtpd Module Two Denial of Service Vulnerabilities Message-ID: <201010300245.o9U2j2nI028436@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Python smtpd Module Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA41968 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41968/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41968 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/41968/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41968/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41968 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Python, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A race condition within the "__init__()" method of the SMTPChannel class when acquiring a peername can lead to an unexpected exception being raised causing the process to crash. 2) An error within the "handle_accept()" method of the SMTPServer class when accepting a connection can lead to unexpected exceptions being raised or unexpected types being returned causing the process to crash. This vulnerability is related to: SA41279 The vulnerabilities are reported in version 2.6, 2.7, 3.1, and 3.2. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Reported in a Python bug by Giampaolo Rodola. ORIGINAL ADVISORY: http://bugs.python.org/issue9129 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 20:09:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 05:09:34 +0200 Subject: [SEC] [SA42037] HP Insight Recovery Cross-Site Scripting and File Download Vulnerabilities Message-ID: <201010300309.o9U39Ydj017120@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Recovery Cross-Site Scripting and File Download Vulnerabilities SECUNIA ADVISORY ID: SA42037 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42037 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42037/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42037/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42037 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in HP Insight Recovery, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An unspecified error can be exploited to download arbitrary files from an affected system. The vulnerabilities are reported in versions prior to 6.2 running on Windows. SOLUTION: Update to version 6.2. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02604 SSRT100320: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02571464 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 20:23:31 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 05:23:31 +0200 Subject: [SEC] [SA42043] Fedora update for firefox and xulrunner Message-ID: <201010300323.o9U3NVQI005324@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for firefox and xulrunner SECUNIA ADVISORY ID: SA42043 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42043/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42043 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42043/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42043/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42043 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for firefox and xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41957 SOLUTION: Apply updated packages using the yum utility ("yum update firefox xulrunner"). ORIGINAL ADVISORY: FEDORA-2010-16883: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050061.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/050062.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 20:44:41 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 05:44:41 +0200 Subject: [SEC] [SA41996] Ubuntu update for thunderbird Message-ID: <201010300344.o9U3ifbp026273@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA41996 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41996/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41996 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/41996/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41996/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41996 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41975 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1011-2: http://www.ubuntu.com/usn/usn-1011-2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 21:10:07 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 06:10:07 +0200 Subject: [SEC] [SA42008] Red Hat update for thunderbird Message-ID: <201010300410.o9U4A7lh014996@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA42008 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42008/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42008 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42008/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42008/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42008 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41975 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: RHSA-2010:0812-1: http://rhn.redhat.com/errata/RHSA-2010-0812.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 21:24:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 06:24:10 +0200 Subject: [SEC] [SA41972] Ubuntu update for openjdk Message-ID: <201010300424.o9U4OA79003190@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openjdk SECUNIA ADVISORY ID: SA41972 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41972/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41972 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/41972/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41972/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41972 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system. For more information: SA41791 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1010-1: http://www.ubuntu.com/usn/usn-1010-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 21:45:17 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 06:45:17 +0200 Subject: [SEC] [SA42036] HP Insight Orchestration Two Vulnerabilities Message-ID: <201010300445.o9U4jHPm024138@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP Insight Orchestration Two Vulnerabilities SECUNIA ADVISORY ID: SA42036 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42036/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42036 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42036/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42036/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42036 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in HP Insight Orchestration, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions. 1) An unspecified error can be exploited to download arbitrary files from an affected system. 2) An unspecified error can be exploited to gain unauthorized access. No further information is currently available. The vulnerabilities are reported in versions prior to 6.2 running on Windows. SOLUTION: Update to version 6.2 or later. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMA02606 SSRT100321: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02573285 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Oct 29 22:09:18 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 07:09:18 +0200 Subject: [SEC] [SA42003] Ubuntu update for xulrunner Message-ID: <201010300509.o9U59Inc012806@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Ubuntu update for xulrunner SECUNIA ADVISORY ID: SA42003 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42003/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42003 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42003/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42003/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42003 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for xulrunner. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA41957 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ORIGINAL ADVISORY: USN-1011-3: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-October/001193.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 30 10:29:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 19:29:47 +0200 Subject: [SEC] [SA42021] HP LoadRunner Web Tours Directory Traversal Vulnerability Message-ID: <201010301729.o9UHTlWL001271@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: HP LoadRunner Web Tours Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA42021 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42021/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42021 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42021/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42021/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42021 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in HP LoadRunner, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the login.pl script of the Web Tours site is not properly verified before being used to create files. This can be exploited to upload content to arbitrary files using directory traversal specifiers in the username. The vulnerability is reported in versions 9.1 and prior. SOLUTION: Apply patches LR90P059 and LR90P057. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: HPSBMA02533 SSRT080049: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02165172 Luigi Auriemma: http://aluigi.altervista.org/adv/willycoyote-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 30 11:29:40 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 20:29:40 +0200 Subject: [SEC] [SA41961] NetBSD update for openssl Message-ID: <201010301829.o9UITeqE024000@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: NetBSD update for openssl SECUNIA ADVISORY ID: SA41961 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41961/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41961 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/41961/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41961/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41961 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NetBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA40906 SOLUTION: Fixed in the CVS repository (please see the vendor advisory for details). ORIGINAL ADVISORY: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-011.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 30 12:29:53 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 21:29:53 +0200 Subject: [SEC] [SA42023] Palm Pre WebOS Multiple Vulnerabilities Message-ID: <201010301929.o9UJTrPc014292@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Palm Pre WebOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42023 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42023/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42023 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42023/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42023/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42023 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Palm Pre WebOS, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable device. 1) An error in the Doc Viewer application may be exploited to execute arbitrary code. 2) An error in the Service API may be exploited to execute arbitrary code, but requires privileges to issue service calls. 3) An error in the Camera application can be exploited to overwrite arbitrary files. The vulnerabilities are reported in version 1.4.1. SOLUTION: Update to version 1.4.5 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits the following people: 1,3) Chris Clark 2) Nils, MWR InfoSecurity ORIGINAL ADVISORY: HPSBMI02573 SSRT100227: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02498311 HPSBMI02580 SSRT100254: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02516786 HPSBMI02582 SSRT100269: http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02518539 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 30 13:29:47 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 22:29:47 +0200 Subject: [SEC] [SA42030] Adobe Reader / Acrobat Unspecified Code Execution Vulnerability Message-ID: <201010302029.o9UKTls2004543@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA42030 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42030/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42030 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42030/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42030/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42030 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Adobe Reader / Acrobat, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerability in the bundled version of Adobe Flash Player. The vulnerability is confirmed in Adobe Reader version 9.4.0 running on a fully patched Windows XP Professional SP3 system. For more information: SA41917 SOLUTION: Adobe plans to release a fixed version on November 15, 2010. ORIGINAL ADVISORY: Adobe APSA10-05: http://www.adobe.com/support/security/advisories/apsa10-05.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 30 14:24:10 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 23:24:10 +0200 Subject: [SEC] [SA41981] Oracle Mojarra Cryptographic Padding Oracle Information Disclosure Message-ID: <201010302124.o9ULOAcX026986@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Oracle Mojarra Cryptographic Padding Oracle Information Disclosure SECUNIA ADVISORY ID: SA41981 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/41981/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=41981 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/41981/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/41981/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=41981 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Mojarra, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to improper error handling within Mojarra during cryptographic padding verification with certain algorithms. This can be exploited to decrypt data, e.g. the View State, via returned error codes from an affected server. This is related to: SA41409 SOLUTION: There is no known workaround at this time. PROVIDED AND/OR DISCOVERED BY: Juliano Rizzo and Thai Duong ORIGINAL ADVISORY: Juliano Rizzo and Thai Duong: http://media.blackhat.com/bh-eu-10/whitepapers/Duong_Rizzo/BlackHat-EU-2010-Duong-Rizzo-Padding-Oracle-wp.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 30 14:44:25 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 30 Oct 2010 23:44:25 +0200 Subject: [SEC] [SA42031] Google Chrome Flash Player Unspecified Code Execution Vulnerability Message-ID: <201010302144.o9ULiPP8015465@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Google Chrome Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA42031 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42031/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42031 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42031/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42031/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42031 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerability in the bundled version of Adobe Flash Player. For more information: SA41917 SOLUTION: Do not browse untrusted sites. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Oct 30 15:09:56 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 31 Oct 2010 00:09:56 +0200 Subject: [SEC] [SA42019] Fedora update for firefox and xulrunner Message-ID: <201010302209.o9UM9uvr004176@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fedora update for firefox and xulrunner SECUNIA ADVISORY ID: SA42019 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42019/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42019 RELEASE DATE: 2010-10-30 DISCUSS ADVISORY: http://secunia.com/advisories/42019/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42019/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42019 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct spoofing attacks, bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA41244 SOLUTION: Apply updated packages using the yum utility ("yum update firefox xulrunner"). ORIGINAL ADVISORY: FEDORA-2010-16593: http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049831.html http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049829.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------