From sec-adv at secunia.com Thu Dec 1 10:32:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 19:32:20 +0100 Subject: [SEC] [SA47068] Parallels Plesk Panel ProFTPD and ISC BIND Vulnerabilities Message-ID: <201112011832.pB1IWKB0005172@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Parallels Plesk Panel ProFTPD and ISC BIND Vulnerabilities SECUNIA ADVISORY ID: SA47068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47068 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parallels has acknowledged two vulnerabilities in Parallels Plesk Panel, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service). 1) The application bundles a vulnerable version of ProFTPD. For more information: SA46811 NOTE: This vulnerability only affects the Linux versions. 2) The application bundles a vulnerable version of ISC BIND. For more information: SA46887 NOTE: This vulnerability only affects the Windows versions. The vulnerabilities are reported in versions 10.1, 10.2, 10.3, and 10.4. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-windows-updates-release-notes.html#10212 http://download1.parallels.com/Plesk/PP10/parallels-plesk-panel-10-linux-updates-release-notes.html#10212 http://kb.parallels.com/112875 http://kb.parallels.com/112876 http://kb.parallels.com/112871 http://kb.parallels.com/112866 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 11:33:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 20:33:17 +0100 Subject: [SEC] [SA47016] Debian update for clearsilver Message-ID: <201112011933.pB1JXH89029990@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for clearsilver SECUNIA ADVISORY ID: SA47016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47016 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for clearsilver. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerability is caused due to a format string error in the "p_cgi_error()" function (python/neo_cgi.c). This can be exploited to e.g. disclose or potentially corrupt memory if malicious input containing format string specifiers is passed to the "error()" method of the CGI handler context. SOLUTION: Apply updated packages via the apt-get package manager. PROVIDED AND/OR DISCOVERED BY: The vendor credits Leo Iannacone and Colin Watson. ORIGINAL ADVISORY: DSA-2355-1: http://lists.debian.org/debian-security-announce/2011/msg00233.html Debian Bug#649322: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 12:32:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 21:32:38 +0100 Subject: [SEC] [SA47063] HP LaserJet Printers / Digital Senders Unauthorized Firmware Update Security Issue Message-ID: <201112012032.pB1KWcTn022328@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP LaserJet Printers / Digital Senders Unauthorized Firmware Update Security Issue SECUNIA ADVISORY ID: SA47063 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47063/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47063 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47063/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47063/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47063 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in various HP LaserJet Printers and HP Digital Senders, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error within the Remote Firmware Update (RFU) mechanism, which does not check for authentication when handling firmware updates. This can be exploited to upload a malicious firmware to device via a specially crafted request to TCP port 9100. Please see the vendor's advisory for the list of affected products. SOLUTION: Disable the "Printer Firmware Update" setting. PROVIDED AND/OR DISCOVERED BY: Salvatore Stolfo and Ang Cui, Columbia University. ORIGINAL ADVISORY: HPSBPI02728 SSRT100692: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03102449 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 13:32:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 22:32:18 +0100 Subject: [SEC] [SA47045] StoryBoard Quick Frame File Parsing Buffer Overflow Vulnerability Message-ID: <201112012132.pB1LWI3j014695@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: StoryBoard Quick Frame File Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47045 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Nick Freeman has reported a vulnerability in StoryBoard Quick, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when parsing the "" element field within frame files and can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 6 Build 3786. Other versions may also be affected. SOLUTION: According to the vendor the latest version is not affected. PROVIDED AND/OR DISCOVERED BY: Nick Freeman, Security-Assessment.com. ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/Storyboard_Quick6-Stack_Buffer_Overflow.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 14:27:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 23:27:11 +0100 Subject: [SEC] [SA47018] CoDeSys Multiple Vulnerabilities Message-ID: <201112012227.pB1MRBHK006817@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CoDeSys Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47018 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47018 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47018/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47018/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47018 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in CoDeSys, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An integer overflow error in the Gateway service when processing certain requests can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 1217. 2) A boundary error in the Control service when processing web requests can be exploited to cause a stack-based buffer overflow via an overly long URL sent to TCP port 8080. 3) A NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing HTTP POST requests can be exploited to deny processing further requests via a specially crafted "Content-Length" header sent to TCP port 8080. 4) A second NULL pointer dereference error in the CmbWebserver.dll module of the Control service when processing web requests can be exploited to deny processing further requests by sending a request with an unknown HTTP method to TCP port 8080. 5) An error in the Control service when processing web requests containing a non-existent directory can be exploited to create arbitrary directories within the webroot via requests sent to TCP port 8080. Successful exploitation of vulnerabilities #1 and #2 allows execution of arbitrary code. The vulnerabilities are confirmed in version 3.4 SP4 Patch 2. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/codesys_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 14:46:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 23:46:36 +0100 Subject: [SEC] [SA47021] Serv-U FTP Server Directory Traversal Vulnerability Message-ID: <201112012246.pB1Mkaeb029491@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Serv-U FTP Server Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA47021 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47021/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47021 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47021/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47021/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47021 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Kingcope has discovered a vulnerability in Serv-U, which can be exploited by malicious users to disclose potentially sensitive information and manipulate certain data. The vulnerability is caused due to an input sanitisation error within the FTP server and can be exploited to e.g. download or delete files outside of the FTP's root directory via directory traversal attacks. The vulnerability is confirmed in version 10.3.0.1 and 11.1.0.3 on Windows. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Kingcope ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0454.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 15:11:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 00:11:48 +0100 Subject: [SEC] [SA47030] Drupal Support Timer Module Multiple Script Insertion Vulnerabilities Message-ID: <201112012311.pB1NBmF7020119@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Support Timer Module Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA47030 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47030/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47030 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47030/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47030/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47030 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Support Timer module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the "track time spent" permissions. The vulnerabilities are reported in versions prior to 6.x-1.4. SOLUTION: Update to version 6.x-1.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits Brandon Bergren ORIGINAL ADVISORY: SA-CONTRIB-2011-058: http://drupal.org/node/1357384 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 15:47:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 00:47:41 +0100 Subject: [SEC] [SA47056] Drupal Support Ticketing System Module Multiple Script Insertion Vulnerabilities Message-ID: <201112012347.pB1NlfwJ011256@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Support Ticketing System Module Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA47056 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47056/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47056 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47056/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47056/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47056 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Support Ticketing System module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the "administer support projects" permissions. The vulnerabilities are reported in versions prior to 6.x-1.7. SOLUTION: Update to version 6.x-1.7. PROVIDED AND/OR DISCOVERED BY: The vendor credits Brandon Bergren. ORIGINAL ADVISORY: SA-CONTRIB-2011-057: http://drupal.org/node/1357378 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 16:12:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 01:12:29 +0100 Subject: [SEC] [SA47015] Perl Proc::ProcessTable Module Insecure Temporary File Security Issue Message-ID: <201112020012.pB20CTUI001779@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Perl Proc::ProcessTable Module Insecure Temporary File Security Issue SECUNIA ADVISORY ID: SA47015 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47015/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47015 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47015/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47015/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47015 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in the Proc::ProcessTable module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application using a temporary file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is confirmed in version 0.45. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by Ansgar Burchardt in a Debian bug report. ORIGINAL ADVISORY: Debian Bug #650500: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500 CPAN Bug #72862: https://rt.cpan.org/Public/Bug/Display.html?id=72862 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 16:47:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 01:47:17 +0100 Subject: [SEC] [SA47067] Serv-U FTPS Server Command Channel SSL Negotiation Vulnerability Message-ID: <201112020047.pB20lHYu025327@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Serv-U FTPS Server Command Channel SSL Negotiation Vulnerability SECUNIA ADVISORY ID: SA47067 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47067/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47067 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47067/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47067/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47067 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Serv-U, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the FTPS server leaving the command channel in an operational state, although the SSL negotiation on the command channel failed. This can be exploited to e.g. perform Man-in-the-Middle (MitM) attacks. The vulnerability is reported in versions prior to 11.1.0.3. SOLUTION: Update to version 11.1.0.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 17:13:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 02:13:46 +0100 Subject: [SEC] [SA47053] Adobe Flex Cross-Site Scripting Vulnerability Message-ID: <201112020113.pB21Dk5h016000@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe Flex Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47053 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Flex, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to SWF files developed using the framework is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in the following versions: * Adobe Flex SDK versions 4.5.1 and prior for Windows, Macintosh and Linux. * Adobe Flex SDK versions 3.6 and prior for Windows, Macintosh and Linux. SOLUTION: Apply patches (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Adobe (APSB11-25): http://www.adobe.com/support/security/bulletins/apsb11-25.html http://kb2.adobe.com/cps/915/cpsid_91544.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 17:47:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 02:47:03 +0100 Subject: [SEC] [SA47012] AtMail Open "func" Two Cross-Site Scripting Vulnerabilities Message-ID: <201112020147.pB21l3iA007005@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: AtMail Open "func" Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47012 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47012/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47012 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47012/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47012/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47012 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dognaedis has discovered two vulnerabilities in AtMail Open, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "func" parameter in ldap.php and search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.04. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Dognaedis ORIGINAL ADVISORY: Dognaedis: https://www.dognaedis.com/vulns/DGS-SEC-1.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 18:11:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 03:11:32 +0100 Subject: [SEC] [SA47054] Debian update for cups Message-ID: <201112020211.pB22BWtr029968@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for cups SECUNIA ADVISORY ID: SA47054 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47054/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47054 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47054/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47054/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47054 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for cups. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA45713 SA45796 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2354-1: http://www.debian.org/security/2011/dsa-2354 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 1 18:46:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 03:46:12 +0100 Subject: [SEC] [SA47035] Drupal Webform Validation Module Multiple Script Insertion Vulnerabilities Message-ID: <201112020246.pB22kCR3021051@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Webform Validation Module Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA47035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47035 RELEASE DATE: 2011-12-01 DISCUSS ADVISORY: http://secunia.com/advisories/47035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Webform Validation module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the permissions to update Webform nodes. The vulnerabilities are reported in versions prior to 6.x-1.5 and 7.x-1.1. SOLUTION: Update to version 6.x-1.5 or 7.x-1.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Justin Klein Keane ORIGINAL ADVISORY: SA-CONTRIB-2011-056: http://drupal.org/node/1357360 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 10:31:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 19:31:57 +0100 Subject: [SEC] [SA47061] Hillstone Software HS TFTP Library Denial of Service Vulnerability Message-ID: <201112021831.pB2IVv3o026834@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Hillstone Software HS TFTP Library Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47061 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47061/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47061 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47061/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47061/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47061 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Prabhu S Angadi has discovered a vulnerability in the Hillstone Software HS TFTP Library, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing TFTP requests and can be exploited to cause the service to become unresponsive via a specially crafted packet. The vulnerability is confirmed in version 1.3.2. Other versions may also be affected. SOLUTION: Restrict network access to trusted hosts. PROVIDED AND/OR DISCOVERED BY: Prabhu S Angadi, SecPod Technologies ORIGINAL ADVISORY: SecPod: http://secpod.org/advisories/SecPod_Hillstone_Software_HS_TFTP_Server_DoS.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 11:32:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 20:32:17 +0100 Subject: [SEC] [SA47044] Final Draft Script File Parsing Buffer Overflow Vulnerabilities Message-ID: <201112021932.pB2JWHwc019234@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Final Draft Script File Parsing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA47044 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47044/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47044 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47044/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47044/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47044 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Nick Freeman has reported multiple vulnerabilities in Final Draft, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors when parsing certain tag elements within script files and can be exploited to cause stack-based buffer overflows via overly long strings in e.g. the "", "", "", "", "", "", "", and "" elements. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 8.02. SOLUTION: Update to version 8.02. PROVIDED AND/OR DISCOVERED BY: Nick Freeman, Security-Assessment.com. ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 12:32:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 21:32:54 +0100 Subject: [SEC] [SA47009] GOM Player Playlist Parsing Buffer Overflow Vulnerability Message-ID: <201112022032.pB2KWs5N011651@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GOM Player Playlist Parsing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47009 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47009/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47009 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47009/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47009/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47009 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in GOM Player, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a regression to a vulnerable state. For more information: SA23994 The vulnerability is confirmed in version 2.1.33.5071. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Debasish Mandal OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 13:32:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 22:32:19 +0100 Subject: [SEC] [SA47025] Ipswitch TFTP Server Directory Traversal Vulnerability Message-ID: <201112022132.pB2LWJMn004000@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ipswitch TFTP Server Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA47025 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47025/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47025 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47025/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47025/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47025 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Prabhu S Angadi has discovered a vulnerability in Ipswitch TFTP Server, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due an input validation error within the TFTP service and can be exploited to download arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 1.0.0.24. Other versions may also be affected. SOLUTION: Restrict network access to the service. PROVIDED AND/OR DISCOVERED BY: Prabhu S Angadi, SecPod Research. ORIGINAL ADVISORY: http://secpod.org/blog/?p=424 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 14:27:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 23:27:05 +0100 Subject: [SEC] [SA47034] WikkaWiki Multiple Vulnerabilities Message-ID: <201112022227.pB2MR5pW028511@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WikkaWiki Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47034 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47034/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47034 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47034/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47034/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47034 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been discovered in WikkaWiki, which can be exploited by malicious users to manipulate certain data, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to disclose potentially sensitive information, conduct cross-site request forgery attacks, and compromise a vulnerable system. 1) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. delete a user when a logged-in administrative user visits a specially crafted web page. 2) Input passed via the "file" POST parameter to wikka.php (when "wakka" is set to a wiki page with "{{files}}" directive and "action" is set to "delete") is not properly verified before being used to delete files. This can be exploited to delete arbitrary files via directory traversal attacks. Successful exploitation requires administrative rights. 3) Input passed via the "file" parameter to wikka.php (when "wakka" is set to a page with "{{files}}" directive and "action" is set to "download") is not properly verified before being used to download files. This can be exploited to download arbitrary files via directory traversal attacks. 4) Input passed via the "default_comment_display" parameter to wikka.php (when "wakka" is set to "UserSettings" and "action" is set to "update") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 5) Input passed via the "file" POST parameter to wikka.php (when "wakka" is set to a wiki page with "{{files}}" directive and "upload" is set to "Upload") is not properly verified before being used to upload files. This can be exploited to e.g. upload and execute arbitrary PHP files with an e.g. ".php.mm" extension. Successful exploitation requires administrative rights or "INTRANET_MODE" to be enabled (disabled by default). 6) Input passed via the "User-Agent" header to wikka.php (when "wakka" is set to a wiki page and appended "/addcomment") is not properly sanitised before being written to a certain file. This can be exploited to inject and potentially execute arbitrary commands. Successful exploitation requires access rights to post comments, "spam_logging" to be enabled (disabled by default), and "spamlog_path" to be set to a file name suitable for PHP execution by the web server ("spamlog.txt.php" by default). The vulnerabilities are confirmed in version 1.3.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Egidio Romano aka EgiX ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18177/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 14:47:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Dec 2011 23:47:12 +0100 Subject: [SEC] [SA47066] HP Device Access Manager for HP ProtectTools Unspecified Code Execution Vulnerability Message-ID: <201112022247.pB2MlCwZ018862@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Device Access Manager for HP ProtectTools Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA47066 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47066/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47066 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47066/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47066/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47066 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in HP Device Access Manager for HP ProtectTools, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. No further information in currently available. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 6.1.0.1 (please see the vendor's advisory for the list of affected systems). SOLUTION: Update to version 6.1.0.1 (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA. ORIGINAL ADVISORY: HPSBHF02723 SSRT100536: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03082368 High-Tech Bridge SA: https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 15:11:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 00:11:46 +0100 Subject: [SEC] [SA47004] JBoss AS Administration Console Cross-Site Scripting and Request Forgery Message-ID: <201112022311.pB2NBkF6009449@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: JBoss AS Administration Console Cross-Site Scripting and Request Forgery SECUNIA ADVISORY ID: SA47004 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47004/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47004 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47004/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47004/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47004 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in JBoss AS, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Certain input passed via the administration console to the message center is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The administration console allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a logged in administrator into visiting a malicious web site. The vulnerabilities are reported in version 7.02. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits David Black. ORIGINAL ADVISORY: https://bugzilla.redhat.com/show_bug.cgi?id=742984 https://bugzilla.redhat.com/show_bug.cgi?id=743006 https://issues.jboss.org/browse/AS7-2400 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 15:47:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 00:47:05 +0100 Subject: [SEC] [SA47081] SUSE update for xorg-x11-server Message-ID: <201112022347.pB2Nl5h7000491@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for xorg-x11-server SECUNIA ADVISORY ID: SA47081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47081 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for xorg-x11-server. This fixes a weakness and a security issue, which can be exploited by malicious, local users to disclose system and sensitive information and cause a DoS (Denial of Service). For more information: SA46460 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1292-1: https://hermes.opensuse.org/messages/12730951 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 16:12:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 01:12:19 +0100 Subject: [SEC] [SA47083] SUSE update for java-1_5_0-ibm Message-ID: <201112030012.pB30CJT2023574@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for java-1_5_0-ibm SECUNIA ADVISORY ID: SA47083 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47083/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47083 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47083/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47083/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47083 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for java-1_5_0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA46512 SA46977 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1298-1: https://hermes.opensuse.org/messages/12732079 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 16:46:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 01:46:51 +0100 Subject: [SEC] [SA47049] Red Hat update for libarchive Message-ID: <201112030046.pB30kplV014662@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for libarchive SECUNIA ADVISORY ID: SA47049 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47049/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47049 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47049/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47049/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47049 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libarchive. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerabilities are caused due to unspecified errors within archive_read_support_format_iso9660.c and archive_read_support_format_tar.c and can be exploited to cause heap-based buffer overflows by tricking a user into opening a specially crafted ISO 9660 CD-ROM image. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:1507-1: https://rhn.redhat.com/errata/RHSA-2011-1507.html http://code.google.com/p/libarchive/source/detail?r=3160 http://code.google.com/p/libarchive/source/detail?r=3158 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 17:14:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 02:14:16 +0100 Subject: [SEC] [SA47079] SUSE update for seamonkey Message-ID: <201112030114.pB31EG4G005371@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for seamonkey SECUNIA ADVISORY ID: SA47079 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47079 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47079/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47079/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47079 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA46203 SA46557 SA46757 SA46773 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1290-1: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 17:46:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 02:46:57 +0100 Subject: [SEC] [SA47011] SugarCRM Two SQL Injection Vulnerabilities Message-ID: <201112030146.pB31kvSH028769@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SugarCRM Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA47011 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47011/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47011 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47011/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47011/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47011 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in SugarCRM, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "where" and "order" parameters to index.php (when "entryPoint" is set to "json", "action" is set to "get_full_list", and "module" is set to "Leads") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions prior to 6.1.7 and 6.2.4 and confirmed in version 6.1.1. SOLUTION: Update to version 6.1.7 or 6.2.4. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: SugarCRM: http://www.sugarcrm.com/crm/support/bugs.html#issue_47800 http://www.sugarcrm.com/crm/support/bugs.html#issue_47839 HTB23051: https://www.htbridge.ch/advisory/sql_injection_in_sugarcrm.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 18:11:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 03:11:52 +0100 Subject: [SEC] [SA47085] HP Device Access Manager for HP ProtectTools Unspecified Code Execution Vulnerability Message-ID: <201112030211.pB32Bq2f019360@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Device Access Manager for HP ProtectTools Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA47085 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47085/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47085 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47085/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47085/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47085 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has reported a vulnerability in HP Device Access Manager for HP ProtectTools, which can be exploited by malicious people to compromise a user's system. For more information: SA47066 The vulnerability is reported in version 5.0.0.5. Other versions may also be affected (please see the vendor's advisory for the list of affected systems). SOLUTION: Upgrade to version 6.1.0.1 (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA. ORIGINAL ADVISORY: HPSBHF02723 SSRT100536: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03082368 High-Tech Bridge SA: https://www.htbridge.ch/advisory/heap_memory_corruption_in_hp_device_access_manager_for_protect_tools_information_store.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 18:46:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 03:46:56 +0100 Subject: [SEC] [SA47057] Ariadne URL Cross-Site Scripting Vulnerability Message-ID: <201112030246.pB32kuTW010469@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ariadne URL Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47057 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47057/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47057 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47057/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47057/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47057 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in Ariadne, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL after e.g. index.php and loader.php is not properly sanitised before being returned to the user when access is denied. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.7.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: SSCHADV2011-038: http://www.rul3z.de/advisories/SSCHADV2011-038.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 19:17:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 04:17:15 +0100 Subject: [SEC] [SA47031] Debian update for openjdk-6 Message-ID: <201112030317.pB33HFBE001710@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for openjdk-6 SECUNIA ADVISORY ID: SA47031 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47031/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47031 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47031/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47031/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47031 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, and compromise a vulnerable system. For more information: SA46512 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2356-1: http://www.debian.org/security/2011/dsa-2356 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 19:48:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 04:48:14 +0100 Subject: [SEC] [SA47084] Perl PAR Module Insecure Temporary File Security Issue Message-ID: <201112030348.pB33mEBu025079@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Perl PAR Module Insecure Temporary File Security Issue SECUNIA ADVISORY ID: SA47084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47084 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the PAR module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application using temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in versions prior to 1.003. SOLUTION: Update to version 1.003. PROVIDED AND/OR DISCOVERED BY: Reported by John Lightsey in a bug report. ORIGINAL ADVISORY: PAR: http://cpansearch.perl.org/src/RSCHUPP/PAR-1.003/ChangeLog John Lightsey: https://rt.cpan.org/Public/Bug/Display.html?id=69560 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 20:13:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 05:13:25 +0100 Subject: [SEC] [SA47055] Perl PAR-Packer Module Insecure Temporary File Security Issue Message-ID: <201112030413.pB34DPSa015688@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Perl PAR-Packer Module Insecure Temporary File Security Issue SECUNIA ADVISORY ID: SA47055 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47055/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47055 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47055/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47055/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47055 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the PAR-Packer module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application using temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in versions prior to 1.011. SOLUTION: Update to version 1.011. PROVIDED AND/OR DISCOVERED BY: Reported by John Lightsey in a bug report. ORIGINAL ADVISORY: PAR-Packer: http://cpansearch.perl.org/src/RSCHUPP/PAR-Packer-1.011/ChangeLog John Lightsey: https://rt.cpan.org/Public/Bug/Display.html?id=69560 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 20:48:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 05:48:41 +0100 Subject: [SEC] [SA47050] SUSE update for pidgin Message-ID: <201112030448.pB34meb6006798@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for pidgin SECUNIA ADVISORY ID: SA47050 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47050/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47050 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47050/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47050/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47050 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46298 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1291-1: https://hermes.opensuse.org/messages/12720031 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 21:13:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 06:13:43 +0100 Subject: [SEC] [SA47042] Red Hat update for cyrus-imapd Message-ID: <201112030513.pB35Dhv1029789@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for cyrus-imapd SECUNIA ADVISORY ID: SA47042 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47042/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47042 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47042/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47042/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47042 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cyrus-imapd. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA45938 SA46093 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1508-1: https://rhn.redhat.com/errata/RHSA-2011-1508.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 21:48:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 06:48:24 +0100 Subject: [SEC] [SA47075] HP-UX update for BIND Message-ID: <201112030548.pB35mOMv020883@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP-UX update for BIND SECUNIA ADVISORY ID: SA47075 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47075/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47075 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47075/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47075/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47075 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for BIND in HP-UX. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 The vulnerability is reported in the following versions: * HP-UX B.11.11 and B.11.23 running BIND 9.2. * HP-UX B.11.31 running BIND 9.3 prior to C.9.3.2.10.1. * HP-UX B.11.11 and B.11.23 running BIND 9.3 prior to C.9.3.2.9.1. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: HPSBUX02729 SSRT100687: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03105548 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 2 22:13:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Dec 2011 07:13:44 +0100 Subject: [SEC] [SA47051] Hero Framework "month" Cross-Site Scripting Vulnerability Message-ID: <201112030613.pB36Diwc011509@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Hero Framework "month" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47051 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47051/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47051 RELEASE DATE: 2011-12-02 DISCUSS ADVISORY: http://secunia.com/advisories/47051/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47051/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47051 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has reported a vulnerability in Hero Framework, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "month" parameter to events is not properly sanitised in a certain template file before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 3.69 (2011-11-29). Prior versions may also be affected. SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab ORIGINAL ADVISORY: ZSL-2011-5061: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5061.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 10:35:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Dec 2011 19:35:24 +0100 Subject: [SEC] [SA47010] Meditate "username_input" SQL Injection Vulnerability Message-ID: <201112051835.pB5IZOCv023392@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Meditate "username_input" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47010 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47010/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47010 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47010/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47010/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47010 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in Meditate, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "username_input" POST parameter to index.php (when "page" is set to "login") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.1. Prior versions may also be affected. SOLUTION: Fixed in version 1.2.1. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz via Secunia. ORIGINAL ADVISORY: Meditate: http://www.arlomedia.com/software/meditate/meditate/docs/release_notes.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 11:32:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Dec 2011 20:32:38 +0100 Subject: [SEC] [SA47095] Serv-U Data Connection Processing Denial of Service and Session Token Weakness Message-ID: <201112051932.pB5JWcIF015664@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Serv-U Data Connection Processing Denial of Service and Session Token Weakness SECUNIA ADVISORY ID: SA47095 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47095/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47095 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47095/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47095/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47095 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability and a weakness in Serv-U, which can be exploited by malicious users to cause a DoS (Denial of Service) and bypass certain security restrictions. 1) An error when handling listening sockets to process a data connection can be exploited to exhaust available TCP ports via a large volume of FTP PASV commands resulting in inability to process further passive connections. 2) The Management Console generates a weak session token when an administrative user logs in, which allows to enumerate a valid token and e.g. create an arbitrary user via the FTP bounce attack. Successful exploitation of this weakness requires a user account with read and write privileges and for an administrative user to have the console open. The vulnerability and the weakness are confirmed in version 11.1.0.3. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma http://aluigi.altervista.org/adv/servu_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 12:31:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Dec 2011 21:31:54 +0100 Subject: [SEC] [SA47069] Family Connections "argv[1]" Command Execution Vulnerability Message-ID: <201112052031.pB5KVsJC008048@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Family Connections "argv[1]" Command Execution Vulnerability SECUNIA ADVISORY ID: SA47069 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47069/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47069 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47069/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47069/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47069 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Family Connections, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "argv[1]" parameter to dev/less.php is not properly sanitised before being used in a "system()" call. This can be exploited to execute arbitrary shell commands. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 2.7.1. Other versions may also be affected. SOLUTION: Remove the dev/ folder. PROVIDED AND/OR DISCOVERED BY: mr_me ORIGINAL ADVISORY: https://www.familycms.com/blog/2011/11/security-vulnerability-fcms-2-5-2-7-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 13:31:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Dec 2011 22:31:43 +0100 Subject: [SEC] [SA47038] Debian update for evince Message-ID: <201112052131.pB5LVhZB000356@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for evince SECUNIA ADVISORY ID: SA47038 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47038/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47038 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47038/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47038/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47038 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for evince. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42769 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2357-1: http://lists.debian.org/debian-security-announce/2011/msg00235.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 14:25:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Dec 2011 23:25:48 +0100 Subject: [SEC] [SA47074] Ubuntu update for linux Message-ID: <201112052225.pB5MPmoI024935@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA47074 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47074/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47074 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47074/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47074/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47074 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to cause a DoS. For more information: SA40205 SA44094 SA44754 SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1286-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001505.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 14:46:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Dec 2011 23:46:43 +0100 Subject: [SEC] [SA47092] WordPress Lazyest Backup Plugin "xml_or_all" Cross-Site Scripting Vulnerability Message-ID: <201112052246.pB5MkhII015356@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress Lazyest Backup Plugin "xml_or_all" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47092 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47092/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47092 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47092/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47092/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47092 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Lazyest Backup plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "xml_or_all" parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 0.2.2. SOLUTION: Update to version 0.2.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: WordPress Lazyest Backup Plugin: http://wordpress.org/extend/plugins/lazyest-backup/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=470737%40lazyest-backup&old=468541%40lazyest-backup OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 15:11:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 00:11:38 +0100 Subject: [SEC] [SA47003] Ctek SkyRouter 4200 / 4300 "PINGADDRESS" Command Injection Vulnerability Message-ID: <201112052311.pB5NBcK9005970@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ctek SkyRouter 4200 / 4300 "PINGADDRESS" Command Injection Vulnerability SECUNIA ADVISORY ID: SA47003 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47003/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47003 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47003/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47003/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47003 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ctek SkyRouter 4200 and Ctek SkyRouter 4300, which can be exploited by malicious people to compromise a vulnerable device. Input passed via the "PINGADDRESS" parameter to apps/a3/cfg_ethping.cgi is not properly verified before being used. This can be exploited to inject and execute arbitrary shell commands. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Reported in a Metasploit module by Josh Brashars. ORIGINAL ADVISORY: http://dev.metasploit.com/redmine/issues/5610 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 15:46:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 00:46:26 +0100 Subject: [SEC] [SA47093] WordPress Pretty Link Plugin Unspecified Cross-Site Scripting Vulnerability Message-ID: <201112052346.pB5NkQTb029487@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress Pretty Link Plugin Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47093 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47093/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47093 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47093/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47093/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47093 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Pretty Link plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in versions prior to 1.5.1. SOLUTION: Update to version 1.5.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: WordPress Pretty Link Plugin: http://wordpress.org/extend/plugins/pretty-link/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 16:11:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 01:11:55 +0100 Subject: [SEC] [SA47058] Iron Mountain Connected Backup Opcode 13 Processing Command Injection Vulnerability Message-ID: <201112060011.pB60Btoq020153@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Iron Mountain Connected Backup Opcode 13 Processing Command Injection Vulnerability SECUNIA ADVISORY ID: SA47058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47058 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Iron Mountain Connected Backup, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the agent service not verifying certain input passed to a "System.getRunTime.exec()" call within the "LaunchCompoundFileAnalyzer" class when processing a request containing opcode 13. This can be exploited to inject and execute arbitrary shell commands via specially crafted packets sent to TCP port 16388. The vulnerability is reported in version 8.4. Other versions may also be affected. SOLUTION: Update to a fixed version. Contact the vendor for details. PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI ORIGINAL ADVISORY: ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-339/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 16:46:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 01:46:38 +0100 Subject: [SEC] [SA47104] Blue Coat ProxyAV libpng Buffer Overflow Vulnerability Message-ID: <201112060046.pB60kc9t011263@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Blue Coat ProxyAV libpng Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47104 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47104/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47104 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47104/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47104/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47104 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged a vulnerability in Blue Coat ProxyAV, which can be exploited by malicious people to compromise a vulnerable device. For more information see vulnerability #1 in: SA40302 The vulnerability is reported in versions prior to 3.4.1.1. SOLUTION: Update to version 3.4.1.1. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: Blue Coat (SA65): https://kb.bluecoat.com/index?page=content&id=SA65 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 17:14:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 02:14:03 +0100 Subject: [SEC] [SA47032] xt:Commerce Cross-Site Request Forgery Vulnerability Message-ID: <201112060114.pB61E3nv001937@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: xt:Commerce Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA47032 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47032/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47032 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47032/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47032/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47032 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dishix has discovered a vulnerability in xt:Commerce, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. grant administrative privileges to a user by tricking an administrative user into visiting a malicious web site. The vulnerability is confirmed in version 3.0.4 SP2.1. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Dishix ORIGINAL ADVISORY: http://dishix.blogspot.com/2011/11/exploiting-xtcommerce-v304-sp21-cross.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 5 17:47:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 02:47:04 +0100 Subject: [SEC] [SA47112] Apache ActiveMQ Failover Mechanism Denial of Service Vulnerability Message-ID: <201112060147.pB61l4gi025426@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apache ActiveMQ Failover Mechanism Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47112 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47112/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47112 RELEASE DATE: 2011-12-05 DISCUSS ADVISORY: http://secunia.com/advisories/47112/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47112/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47112 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache ActiveMQ, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the failover mechanism when handling openwire connection requests, which can be exploited to trigger an exception and crash the broker service. The vulnerability is reported in versions 5.2.0 and 5.5.0. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by Luca Carettoni in a bug report. ORIGINAL ADVISORY: https://issues.apache.org/jira/browse/AMQ-3294 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 10:33:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 19:33:30 +0100 Subject: [SEC] [SA47103] Moodle Multiple Vulnerabilities Message-ID: <201112061833.pB6IXUa3001864@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Moodle Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47103 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to disclose potentially sensitive information, conduct HTTP header injection and spoofing attacks, and bypass certain security restrictions. 1) An error related to the history and deletion user interfaces (UIs) within the wiki can lead to disclosure of the username of a creator. 2) An error related to the messaging interface using user/action_redir can lead to disclosure of the email address of a user. This is related to vulnerability #1 in: SA47076 3) The weakness is caused due to improper handling of HTTP request headers related to calendar/set.php and can be exploited to inject arbitrary headers. This is related to vulnerability #2 in: SA47076 4) Due to an error within the web services login restrictions are not properly enforced when authenticating users. These vulnerabilities are reported in versions 2.1 through 2.1.2+ and versions 2.0 through 2.0.5+. 5) Certain unspecified input passed via the "$returnurl" variable within the Calendar set page is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website. This vulnerability is reported in versions 2.1 through 2.1.2+. SOLUTION: Update to version 2.1.3 or later or version 2.0.6 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Sunner Sun 2) Fernando Graells 3) David Michael Evans, German Sanchez Garces 4) Petr ?koda 5) Dan Marsden ORIGINAL ADVISORY: Moodle (MSA-11-0042, MSA-11-0043, MSA-11-0047, MSA-11-0051, and MSA-11-0054): http://moodle.org/mod/forum/discuss.php?d=191747 http://moodle.org/mod/forum/discuss.php?d=191748 http://moodle.org/mod/forum/discuss.php?d=191754 http://moodle.org/mod/forum/discuss.php?d=191759 http://moodle.org/mod/forum/discuss.php?d=191762 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 11:37:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 20:37:49 +0100 Subject: [SEC] [SA47076] Moodle Multiple Vulnerabilities Message-ID: <201112061937.pB6JbnKH026976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Moodle Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47076 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47076/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47076 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47076/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47076/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47076 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to conduct HTTP header injection attacks, disclose potentially sensitive information, and bypass certain security restrictions. 1) An error related to the messaging interface using user/action_redir can lead to disclosure of the email address of a user. 2) The weakness is caused due to improper handling of HTTP request headers related to calendar/set.php and can be exploited to inject arbitrary headers. 3) The security issue is caused due to improper handling of IP address restrictions via XMLRPC and can lead to a bypass of the restrictions. The vulnerabilities are reported in versions 1.9 through 1.9.14+. SOLUTION: Update to version 1.9.15 or later. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Fernando Graells 2) David Michael Evans, German Sanchez Garces 3) Patrick McNeill ORIGINAL ADVISORY: Moodle (MSA-11-0047, MSA-11-0049, and MSA-11-0054): http://moodle.org/mod/forum/discuss.php?d=191754 http://moodle.org/mod/forum/discuss.php?d=191756 http://moodle.org/mod/forum/discuss.php?d=191762 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 12:31:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 21:31:45 +0100 Subject: [SEC] [SA47064] GNU C Library "__tzfile_read()" Buffer Overflow Vulnerability Message-ID: <201112062031.pB6KVjj8019073@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GNU C Library "__tzfile_read()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47064 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the GNU C Library, which potentially can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error within the "__tzfile_read()" function (time/tzfile.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted timezone file. Successful exploitation may allow the execution of arbitrary code but requires that a malicious timezone file is loaded (e.g. by uploading it into the chroot of an FTP server). The vulnerability is confirmed in version 2.14.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: dividead Additional information about the attack vector provided by Kingcope. ORIGINAL ADVISORY: Dividead: http://dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/ Kingcope: http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0059.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 13:33:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 22:33:58 +0100 Subject: [SEC] [SA47022] FreeBSD libc chroot Library Loading Vulnerability Message-ID: <201112062133.pB6LXwwA011606@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: FreeBSD libc chroot Library Loading Vulnerability SECUNIA ADVISORY ID: SA47022 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47022/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47022 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47022/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47022/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47022 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Kingcope has discovered a vulnerability in FreeBSD, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due libc loading certain libraries dynamically. In combination with e.g. a FTP service (e.g. FreeBSD's ftpd) running in a chroot, this can be exploited to execute arbitrary code by uploading malicious libraries and then triggering libc to load them. The vulnerability is confirmed in FreeBSD 8.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Kingcope ORIGINAL ADVISORY: Kingcope: http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0038.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 14:29:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 23:29:57 +0100 Subject: [SEC] [SA47106] WSN Products Multiple Vulnerabilities Message-ID: <201112062229.pB6MTvM6003810@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WSN Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47106 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47106/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47106 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47106/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47106/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47106 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in WSN products, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Certain input passed via the URL appended to e.g. suggest.php, sitemap.php, register.php, leaders.php, index.php, and contactform.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "perpage" parameter in memberlist.php (when "ascdesc" and "field" are set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) Input passed to the "dayID" parameter in calendar.php (when "yearID" and "monthID" are set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This vulnerability only affects products with calendar functionality. The vulnerabilities are reported in the following products: * WSN Classifieds * WSN Gallery * WSN Knowledge Base * WSN Forum * WSN Directory * WSN Software Directory * WSN Shop SOLUTION: Updated to version 6.2.20, 6.1.22, 6.0.34, 5.1.64, or 5.0.87. PROVIDED AND/OR DISCOVERED BY: Avram Marius Gabriel (d3v1l) ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18193/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 14:47:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Dec 2011 23:47:50 +0100 Subject: [SEC] [SA47120] Kayako Fusion Reports Information Disclosure Weakness Message-ID: <201112062247.pB6MlowN026486@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Kayako Fusion Reports Information Disclosure Weakness SECUNIA ADVISORY ID: SA47120 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47120/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47120 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47120/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47120/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47120 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Positive Research Center has reported a weakness in Kayako Fusion, which can be exploited by malicious users to disclose sensitive information. The weakness is caused due to the application not properly restricting access to password hash fields when generating reports. Successful exploitation requires membership of the "Staff" team. SOLUTION: Update to version 4.30.745. PROVIDED AND/OR DISCOVERED BY: Yuri Goltsev and Alexander Zaitsev, Positive Research Center. ORIGINAL ADVISORY: PT-2011-43: http://en.securitylab.ru/lab/PT-2011-43 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 15:11:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 00:11:50 +0100 Subject: [SEC] [SA47129] Microsoft Internet Explorer Cache Objects History Enumeration Weakness Message-ID: <201112062311.pB6NBoYp017058@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Cache Objects History Enumeration Weakness SECUNIA ADVISORY ID: SA47129 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47129/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47129 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47129/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47129/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47129 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information. The weakness is caused due to an error when handling cache objects and can be exploited to enumerate visited sites. The weakness is confirmed in Internet Explorer 6, 7, 8, and 9. Other versions may also be affected. SOLUTION: Enable "InPrivate Browsing" when browsing untrusted websites or do not browse untrusted websites. PROVIDED AND/OR DISCOVERED BY: Originally discussed by Edward W. Felten and Michael A. Schneider, Princeton University. Additional information and proof provided by Michal Zalewski. ORIGINAL ADVISORY: Edward W. Felten and Michael A. Schneider: http://sip.cs.princeton.edu/pub/webtiming.pdf Michal Zalewski: http://lcamtuf.coredump.cx/cachetime/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 15:46:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 00:46:47 +0100 Subject: [SEC] [SA47097] SUSE update for nginx-1.0 Message-ID: <201112062346.pB6Nkl9D008194@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for nginx-1.0 SECUNIA ADVISORY ID: SA47097 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47097/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47097 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47097/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47097/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47097 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for nginx-1.0. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA46798 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1300-1: https://hermes.opensuse.org/messages/12768388 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 16:13:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 01:13:17 +0100 Subject: [SEC] [SA47128] Opera Cache Objects History Enumeration Weakness Message-ID: <201112070013.pB70DHPw031302@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Opera Cache Objects History Enumeration Weakness SECUNIA ADVISORY ID: SA47128 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47128/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47128 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47128/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47128/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47128 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Opera, which can be exploited by malicious people to disclose sensitive information. The weakness is caused due to an error when handling cache objects and can be exploited to enumerate visited sites. The weakness is confirmed in version 11.60. Other versions may also be affected. SOLUTION: Enable "Private Browsing" when browsing untrusted websites. PROVIDED AND/OR DISCOVERED BY: Originally discussed by Edward W. Felten and Michael A. Schneider, Princeton University. Additional information and proof provided by Michal Zalewski. ORIGINAL ADVISORY: Edward W. Felten and Michael A. Schneider: http://sip.cs.princeton.edu/pub/webtiming.pdf Michal Zalewski: http://lcamtuf.coredump.cx/cachetime/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 16:47:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 01:47:14 +0100 Subject: [SEC] [SA47127] Google Chrome Cache Objects History Enumeration Weakness Message-ID: <201112070047.pB70lE7f022389@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Google Chrome Cache Objects History Enumeration Weakness SECUNIA ADVISORY ID: SA47127 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47127/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47127 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47127/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47127/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47127 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Google Chrome, which can be exploited by malicious people to disclose sensitive information. The weakness is caused due to an error when handling cache objects and can be exploited to enumerate visited sites. The weakness is confirmed in version 15.0.874.121. Other versions may also be affected. SOLUTION: Use "incognito mode" when browsing untrusted websites. PROVIDED AND/OR DISCOVERED BY: Originally discussed by Edward W. Felten and Michael A. Schneider, Princeton University. Additional information and proof provided by Michal Zalewski. ORIGINAL ADVISORY: Edward W. Felten and Michael A. Schneider: http://sip.cs.princeton.edu/pub/webtiming.pdf Michal Zalewski: http://lcamtuf.coredump.cx/cachetime/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 17:16:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 02:16:55 +0100 Subject: [SEC] [SA47072] EPractize Labs Subscription Manager "email" Code Injection Vulnerability Message-ID: <201112070116.pB71GtOK013269@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: EPractize Labs Subscription Manager "email" Code Injection Vulnerability SECUNIA ADVISORY ID: SA47072 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47072/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47072 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47072/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47072/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47072 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in EPractize Labs Subscription Manager, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "email" parameter in showImg.php is not properly sanitised before being used to be written to a file specified by the "db" parameter. This can be exploited to inject and execute arbitrary PHP code. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Jan van Niekerk ORIGINAL ADVISORY: Jan van Niekerk: http://archives.neohapsis.com/archives/fulldisclosure/current/0118.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 17:47:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 02:47:40 +0100 Subject: [SEC] [SA47090] Mozilla Firefox Cache Objects History Enumeration Weakness Message-ID: <201112070147.pB71leEt004171@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Cache Objects History Enumeration Weakness SECUNIA ADVISORY ID: SA47090 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47090 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47090/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47090/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47090 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information. The weakness is caused due to an error when handling cache objects and can be exploited to enumerate visited sites. The weakness is confirmed in version 8.0.1. Other versions may also be affected. SOLUTION: Enable "Private Browsing" when browsing untrusted websites. PROVIDED AND/OR DISCOVERED BY: Originally discussed by Edward W. Felten and Michael A. Schneider, Princeton University. Additional information and proof provided by Michal Zalewski. ORIGINAL ADVISORY: Edward W. Felten and Michael A. Schneider: http://sip.cs.princeton.edu/pub/webtiming.pdf Michal Zalewski: http://lcamtuf.coredump.cx/cachetime/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 18:12:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 03:12:19 +0100 Subject: [SEC] [SA47125] Red Hat update for tomcat6 Message-ID: <201112070212.pB72CJAh027183@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat6 SECUNIA ADVISORY ID: SA47125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47125 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, or cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information and bypass certain security restrictions. For more information: SA44981 SA45232 SA45748 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1780-01: https://rhn.redhat.com/errata/RHSA-2011-1780.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 18:47:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 03:47:48 +0100 Subject: [SEC] [SA47077] Opera Multiple Vulnerabilities Message-ID: <201112070247.pB72lmgu018354@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Opera Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47077 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47077/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47077 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47077/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47077/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47077 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Opera, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session. 1) An unspecified error exists. No further information is currently available. 2) An error when applying domain restrictions to handle cookies and scripting context within some top level domains can be exploited by other sites in that top level domain to access cookies or communicate with scripts. 3) A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. For more information: SA46168 4) An error when handling the JavaScript "in" operator while executing scripts can be exploited to bypass the cross-domain policy restriction and check for the existence of variables on other sites. The vulnerabilities are reported in versions prior to 11.60. SOLUTION: Update to version 11.60. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. The vendor also credits: 3) Thai Duong and Juliano Rizzo, Netifera 4) David Bloom ORIGINAL ADVISORY: Opera: http://www.opera.com/docs/changelogs/windows/1160/ http://www.opera.com/support/kb/view/1003/ http://www.opera.com/support/kb/view/1004/ http://www.opera.com/support/kb/view/1005/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 19:19:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 04:19:28 +0100 Subject: [SEC] [SA47096] Intel Trusted Execution Technology SINIT ACMs Buffer Overflow Vulnerability Message-ID: <201112070319.pB73JSTU010950@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Intel Trusted Execution Technology SINIT ACMs Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47096 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47096/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47096 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47096/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47096/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47096 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Intel products, which can be exploited my malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error within the Authenticated Code Modules (ACMs) and can be exploited to cause a buffer overflow. Please see the vendor's advisory for the list of affected products. SOLUTION: Install updated SINIT ACMs. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Rafal Wojtczuk and Joanna Rutkowska, Invisible Things Lab. ORIGINAL ADVISORY: Intel (INTEL-SA-00030): http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00030&languageid=en-fr OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 19:46:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 04:46:46 +0100 Subject: [SEC] [SA47107] SUSE update for xorg-x11-libs Message-ID: <201112070346.pB73kkKo001623@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for xorg-x11-libs SECUNIA ADVISORY ID: SA47107 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47107/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47107 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47107/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47107/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47107 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for xorg-x11-libs. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA45544 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1299-1: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 20:11:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 05:11:35 +0100 Subject: [SEC] [SA47006] Etomite Search Cross-Site Scripting Vulnerability Message-ID: <201112070411.pB74BZlo024704@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Etomite Search Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47006 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47006/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47006 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47006/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47006/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47006 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Etomite, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to an unspecified parameter within the search functionality is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.1. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: JVN credits Daiki Fukumori, Cyber Defense Research Institute, Ltd. ORIGINAL ADVISORY: JVN: http://jvn.jp/jp/JVN04329324/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000101.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 20:47:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 05:47:27 +0100 Subject: [SEC] [SA47094] Ubuntu update for linux-ti-omap4 Message-ID: <201112070447.pB74lR26015905@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ti-omap4 SECUNIA ADVISORY ID: SA47094 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47094/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47094 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47094/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47094/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47094 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ti-omap4. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA46584 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1287-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001506.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 6 21:15:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 06:15:59 +0100 Subject: [SEC] [SA47091] Debian update for openjdk-6 Message-ID: <201112070515.pB75FxGX006718@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for openjdk-6 SECUNIA ADVISORY ID: SA47091 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47091/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47091 RELEASE DATE: 2011-12-06 DISCUSS ADVISORY: http://secunia.com/advisories/47091/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47091/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47091 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, and compromise a vulnerable system. For more information: SA44784 SA46512 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2358-1: http://www.debian.org/security/2011/dsa-2358 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 10:34:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 19:34:52 +0100 Subject: [SEC] [SA47101] WordPress s2Member Plugin "s2_invoice" Custom Capabilities Security Bypass Vulnerability Message-ID: <201112071834.pB7IYqZk004490@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress s2Member Plugin "s2_invoice" Custom Capabilities Security Bypass Vulnerability SECUNIA ADVISORY ID: SA47101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47101 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the s2Member plugin for WordPress, which can be exploited by malicious users to bypass certain security restrictions. Input passed to the "s2_invoice" parameter within payment URLs is not properly verified before being used to grant access to products when using custom capabilities. This can be exploited to access arbitrary products by supplying certain capabilities. The following payment gateways are reportedly affected: * ccBill? Buttons * ClickBank? Buttons * Google? Checkout Buttons * PayPal? Buttons with disabled "Button Encryption" The vulnerability is reported in versions prior to 111206. SOLUTION: Update to version 111206. Enable "Button Encryption" within the "Account Details" of the "PayPal Options" in case "PayPal? Buttons" are used. PROVIDED AND/OR DISCOVERED BY: Pedja within a s2Member plugin forum post. ORIGINAL ADVISORY: s2Member: http://wordpress.org/extend/plugins/s2member/changelog/ Pedja: http://www.primothemes.com/forums/viewtopic.php?f=4&t=15232 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 11:35:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 20:35:32 +0100 Subject: [SEC] [SA47108] Traq "authenticate()" Security Bypass Vulnerability Message-ID: <201112071935.pB7JZWHU029339@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Traq "authenticate()" Security Bypass Vulnerability SECUNIA ADVISORY ID: SA47108 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47108/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47108 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47108/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47108/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47108 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Traq, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to access not properly being restricted in the "authenticate()" function in admincp/common.php. This can be exploited to bypass the authentication mechanism and inject and execute arbitrary PHP code. The vulnerability is confirmed in version 2.3. Prior versions may also be affected. SOLUTION: Update to version 2.3.1. PROVIDED AND/OR DISCOVERED BY: EgiX OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 12:35:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 21:35:12 +0100 Subject: [SEC] [SA47071] acpid Event Scripts Insecure umask Security Issue Message-ID: <201112072035.pB7KZCSx021749@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: acpid Event Scripts Insecure umask Security Issue SECUNIA ADVISORY ID: SA47071 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47071/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47071 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47071/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47071/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47071 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in acpid, which can be exploited by malicious, local users to disclose potentially sensitive information. The security issue is caused due to acpid not setting a secure umask when launching event scripts, which can be exploited to e.g. disclose potentially sensitive information. The security issue is reported in versions prior 2.0.11. SOLUTION: Update to version 2.0.11. PROVIDED AND/OR DISCOVERED BY: Reportedly discovered by Helmut Grohne and Michael Biebl. ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/12/06/2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 13:37:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 22:37:07 +0100 Subject: [SEC] [SA47151] Red Hat update for virt-v2v Message-ID: <201112072137.pB7Lb7tN014281@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for virt-v2v SECUNIA ADVISORY ID: SA47151 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47151/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47151 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47151/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47151/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47151 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for virt-v2v. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. For more information: SA47086 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1615-03: https://rhn.redhat.com/errata/RHSA-2011-1615.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 14:27:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 23:27:00 +0100 Subject: [SEC] [SA47158] Red Hat update for glibc Message-ID: <201112072227.pB7MR0kS006169@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for glibc SECUNIA ADVISORY ID: SA47158 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47158/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47158 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47158/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47158/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47158 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for glibc. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA44353 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1526-03: https://rhn.redhat.com/errata/RHSA-2011-1526.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 14:49:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Dec 2011 23:49:09 +0100 Subject: [SEC] [SA47086] virt-v2v Guest Conversion VNC Password Security Issue Message-ID: <201112072249.pB7Mn9B4029048@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: virt-v2v Guest Conversion VNC Password Security Issue SECUNIA ADVISORY ID: SA47086 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47086/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47086 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47086/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47086/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47086 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in virt-v2v, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to virt-v2v not properly honoring the VNC console password when converting guests to a KVM guest. This can be exploited to access the VNC console of the newly converted guest without a password, although the original guest required a password. The security issue is reported in versions prior to 0.8.4. SOLUTION: Update to version 0.8.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Red Hat Bug #702754: https://bugzilla.redhat.com/show_bug.cgi?id=702754 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 15:13:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 00:13:34 +0100 Subject: [SEC] [SA47037] Axis M10 Series Network Cameras "pageTitle" Cross-Site Scripting Vulnerability Message-ID: <201112072313.pB7NDY3x019668@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Axis M10 Series Network Cameras "pageTitle" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47037 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47037 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47037/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47037/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47037 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Matt Metzger has reported a vulnerability in Axis M10 Series Network Cameras, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "pageTitle" parameter in admin/showReport.shtml (when "content" is set to "serverreport.cgi") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in Axis M1054 firmware version 5.21. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Matt Metzger ORIGINAL ADVISORY: http://metzgersecurity.blogspot.com/2011/11/xss-vulnerability-axis-m10-series.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 15:51:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 00:51:10 +0100 Subject: [SEC] [SA47078] Winlog Pro Project File Processing Buffer Overflow Vulnerability Message-ID: <201112072351.pB7NpAGR010943@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Winlog Pro Project File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47078 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47078 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47078/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47078/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47078 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Winlog Pro, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when processing certain values in project files and can be exploited to cause a buffer overflow by tricking a user into loading a malicious project file. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 2.07.09. SOLUTION: Update to version 2.07.09. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Paul Davis ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 16:14:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 01:14:34 +0100 Subject: [SEC] [SA46864] PunBB "linkedin" Script Insertion Vulnerability Message-ID: <201112080014.pB80EYqY001432@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PunBB "linkedin" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46864 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46864/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46864 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/46864/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46864/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46864 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PunBB, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "linkedin" parameter to profile.php (when "section" is set to "identity" and "id" is set) is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 1.4. Prior versions may also be affected. SOLUTION: Update to version 1.4.1. PROVIDED AND/OR DISCOVERED BY: mghack via Secunia. ORIGINAL ADVISORY: PunBB: http://punbb.informer.com/forums/topic/24672/punbb-141/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 16:48:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 01:48:26 +0100 Subject: [SEC] [SA47152] Red Hat update for ipa Message-ID: <201112080048.pB80mQ0U024969@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for ipa SECUNIA ADVISORY ID: SA47152 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47152/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47152 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47152/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47152/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47152 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for ipa. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks. For more information: SA47110 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1533-04: https://rhn.redhat.com/errata/RHSA-2011-1533.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 17:16:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 02:16:23 +0100 Subject: [SEC] [SA47131] Arc Informatique Products Multiple ActiveX Controls Vulnerabilities Message-ID: <201112080116.pB81GNLA015770@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Arc Informatique Products Multiple ActiveX Controls Vulnerabilities SECUNIA ADVISORY ID: SA47131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47131 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in multiple Arc Informatique products, which can be exploited by malicious people to manipulate certain data and compromise a user's system. 1) An error when handling the "SaveObject()" and "LoadObject()" methods (SVUIGrd.ocx) can be exploited to perform a virtual function call into an arbitrary memory location via a specially crafted "aStream" argument. 2) An error in the "GetExtendedColor()" method (SVUIGrd.ocx) can be exploited to corrupt memory. 3) An error in the "SaveObject()" method (SVUIGrd.ocx) can be exploited to overwrite arbitrary files via directory traversal sequences. 4) An error when handling the "DeletePage()" method (aipgctl.ocx) can be exploited to perform a virtual function call into an arbitrary memory location. Successful exploitation of vulnerabilities #1, #2, and #4 may allow execution of arbitrary code. The vulnerabilities are reported in the following versions: * PcVue versions 6.x, 7.x, 8.x, 9.x, and 10.x. * FrontVue all current versions. * PlantVue all current versions. SOLUTION: Update to a fixed version. Contact the vendor for details. PROVIDED AND/OR DISCOVERED BY: 1 - 4) Luigi Auriemma 2) ICS-CERT credits Kuang-Chun Hung, Security Research and Service Institute Information and Communication Security Technology Center (ICST) ORIGINAL ADVISORY: Luigi: http://aluigi.altervista.org/adv/pcvue_1-adv.txt ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-340-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 17:48:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 02:48:33 +0100 Subject: [SEC] [SA47132] BlackBerry Tablet OS File Sharing Service Security Bypass Vulnerability Message-ID: <201112080148.pB81mXEt006768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: BlackBerry Tablet OS File Sharing Service Security Bypass Vulnerability SECUNIA ADVISORY ID: SA47132 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47132/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47132 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47132/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47132/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47132 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BlackBerry Tablet OS, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to an error in the File Sharing service when processing a backup archive file of the file system. This can be exploited to change a service configuration file and gain root access by restoring a modified backup archive file. The vulnerability is reported in versions 1.0.8.4985 and prior. SOLUTION: Update to version 1.0.8.6067. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://blackberry.com/btsc/KB29191 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 18:12:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 03:12:52 +0100 Subject: [SEC] [SA47073] Elxis CMS Two Cross-Site Scripting Vulnerabilities Message-ID: <201112080212.pB82Cq4b029768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Elxis CMS Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47073 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47073 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47073/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47073/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47073 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ewerson Guimaraes has discovered two vulnerabilities in Elxis CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "task" parameter in index.php (when "option" is set to "com_content") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the URL to administrator/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2009.2 Electra rev2631. Other versions may also be affected. SOLUTION: Update to version 2009.3 Aphrodite rev2684. PROVIDED AND/OR DISCOVERED BY: Ewerson Guimaraes, DcLabs Security Research Group ORIGINAL ADVISORY: Elxis: http://forum.elxis.org/index.php?PHPSESSID=v9i7kgmmb2554ldmlcmbj32ugjd0ngpc&topic=5144.msg43327#msg43327 DcLabs: http://archives.neohapsis.com/archives/bugtraq/2011-12/0023.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 18:48:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 03:48:20 +0100 Subject: [SEC] [SA47141] Red Hat update for squid Message-ID: <201112080248.pB82mKst020924@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for squid SECUNIA ADVISORY ID: SA47141 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47141/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47141 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47141/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47141/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47141 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46609 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1791-01: https://rhn.redhat.com/errata/RHSA-2011-1791.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 19:18:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 04:18:57 +0100 Subject: [SEC] [SA47157] Red Hat update for qemu-kvm Message-ID: <201112080318.pB83IvIV012305@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for qemu-kvm SECUNIA ADVISORY ID: SA47157 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47157/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47157 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47157/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47157/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47157 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for qemu-kvm. This fixes a weakness, which can be exploited by which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information see vulnerability #2 in: SA45188 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1531-03: https://rhn.redhat.com/errata/RHSA-2011-1531.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 19:47:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 04:47:54 +0100 Subject: [SEC] [SA47089] Foxit Reader Unspecified Memory Corruption Vulnerability Message-ID: <201112080347.pB83lsVV003096@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Foxit Reader Unspecified Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA47089 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47089/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47089 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47089/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47089/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47089 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Foxit Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in versions 5.1.0.1021 and prior. SOLUTION: Update to version 5.1.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Alex Garbutt, iSEC Partners. ORIGINAL ADVISORY: http://www.foxitsoftware.com/Secure_PDF_Reader/security_bulletins.php#termination OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 20:13:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 05:13:26 +0100 Subject: [SEC] [SA47123] SepCity Products Unspecified SQL Injection Vulnerability Message-ID: <201112080413.pB84DQTj026200@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SepCity Products Unspecified SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47123 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in some SepCity products, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in the following products: * Alumni Relations * Event Calendar * Lawyer Portal * News Manager * Speakers Bureau * Sports Manager SOLUTION: Update to a fixed version. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SepCity: http://www.sepcity.com/news.aspx?DoAction=ReadMore&NewsID=183354188246142 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 20:48:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 05:48:07 +0100 Subject: [SEC] [SA47154] Red Hat update for nfs-utils Message-ID: <201112080448.pB84m7L9017331@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for nfs-utils SECUNIA ADVISORY ID: SA47154 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47154/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47154 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47154/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47154/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47154 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for nfs-utils. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA44245 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1534-03: https://rhn.redhat.com/errata/RHSA-2011-1534.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 21:13:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 06:13:37 +0100 Subject: [SEC] [SA47144] Red Hat update for php-pear Message-ID: <201112080513.pB85Dbfh007995@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for php-pear SECUNIA ADVISORY ID: SA47144 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47144/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47144 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47144/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47144/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47144 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for php-pear. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA43533 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1741-03: https://rhn.redhat.com/errata/RHSA-2011-1741.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 21:48:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 06:48:58 +0100 Subject: [SEC] [SA47110] FreeIPA Cross-Site Request Forgery Vulnerability Message-ID: <201112080548.pB85mw38031539@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: FreeIPA Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA47110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47110 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FreeIPA, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. make changes to the configuration by tricking a logged-in administrative user into viewing a malicious site. The vulnerability is reported in versions prior to 2.1.4. SOLUTION: Update to version 2.1.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: FreeIPA: http://freeipa.org/page/IPAv2_214 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 7 22:15:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 07:15:31 +0100 Subject: [SEC] [SA47052] Debian update for mojarra Message-ID: <201112080615.pB86FVG2022255@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for mojarra SECUNIA ADVISORY ID: SA47052 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47052/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47052 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47052/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47052/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47052 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mojarra. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA46959 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2359-1: http://www.debian.org/security/2011/dsa-2359 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 10:38:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 19:38:02 +0100 Subject: [SEC] [SA47136] One Click Orgs Multiple Vulnerabilities Message-ID: <201112081838.pB8Ic2Dt017166@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: One Click Orgs Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47136 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47136/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47136 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47136/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47136/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47136 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Darren McDonald has reported some weaknesses and two vulnerabilities in One Click Orgs, which can be exploited by malicious users to potentially cause a DoS (Denial of Service), manipulate certain data, and conduct spoofing and script insertion attacks and by malicious people to disclose sensitive information and conduct spoofing attacks. 1) The application does not properly verify email addresses when a user changes his email address. This can be exploited to appear to be voting as a different user or to prevent a user from logging in by choosing another user's email address if the malicious user joined before the victim. 2) Input passed to the "return_to" parameter is not properly verified before being used to redirect users. This can be exploited to redirect users to arbitrary web sites. 3) An error within the "Reset your password" functionality can be exploited to enumerate email addresses of users. 4) Input passed via the "Description" field of a new vote and eject member proposal is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. 5) Certain input passed via the email address of a user is not properly sanitised before being used in SMTP messages. This can be exploited to modify SMTP messages and e.g. send spam emails. The weaknesses and vulnerabilities are reported in version 1.2.1. Other versions may also be affected. SOLUTION: Update to version 1.2.3. PROVIDED AND/OR DISCOVERED BY: Renski aka Darren McDonald ORIGINAL ADVISORY: One Click Orgs: https://groups.google.com/group/oneclickorgs-devspace/msg/26c40a4cc9e127d2?hl=en&dmode=source&output=gplain&pli=1 Darren McDonald: http://dmcdonald.net/?page_id=43 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 11:34:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 20:34:33 +0100 Subject: [SEC] [SA47105] Ubuntu update for linux-lts-backport-maverick Message-ID: <201112081934.pB8JYXtL009420@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-maverick SECUNIA ADVISORY ID: SA47105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47105 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-maverick. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1292-1: http://www.ubuntu.com/usn/usn-1292-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 12:36:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 21:36:02 +0100 Subject: [SEC] [SA47167] CA SiteMinder "target" Cross-Site Scripting Vulnerability Message-ID: <201112082036.pB8Ka2WC001822@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CA SiteMinder "target" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47167 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47167/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47167 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47167/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47167/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47167 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CA SiteMinder, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "target" POST parameter in login.fcc (when "postpreservationdata" is set to "fail") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions R6 SP6 CR6 and R12 SP3 CR7. Prior versions may also be affected. SOLUTION: Update to version R6 SP6 CR7 or R12 SP3 CR8. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Jon Passki, Aspect Security ORIGINAL ADVISORY: US-CERT (VU#713012): http://www.kb.cert.org/vuls/id/713012 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 13:33:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 22:33:42 +0100 Subject: [SEC] [SA47070] D-Link ShareCenter DNS-320 Authentication Bypass Vulnerability Message-ID: <201112082133.pB8LXgbg026592@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: D-Link ShareCenter DNS-320 Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA47070 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47070 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47070/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47070/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47070 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in D-Link ShareCenter DNS-320, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the authentication mechanism of the administrative web interface. This can be exploited to bypass authentication checks and e.g. restart or shutdown the device. The vulnerability is reported in firmware version 2.00b06. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: rigan OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 14:28:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 23:28:32 +0100 Subject: [SEC] [SA47164] KnowledgeTree "username" SQL Injection Vulnerability Message-ID: <201112082228.pB8MSWCB018752@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: KnowledgeTree "username" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47164 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47164/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47164 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47164/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47164/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47164 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: sxkeebler and r at b13$ have discovered a vulnerability in KnowledgeTree, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "username" parameter to login.php (when "action" is set to "login") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 3.7.0.2. Prior versions may also be affected. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: sxkeebler and r at b13$, Digital Defense. ORIGINAL ADVISORY: KnowledgeTree: http://wiki.knowledgetree.org/Security_advisory:_KnowledgeTree_login.php_Blind_SQL_Injection Digital Defense: http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0221.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 14:49:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Dec 2011 23:49:31 +0100 Subject: [SEC] [SA47088] Ubuntu update for linux Message-ID: <201112082249.pB8MnVqs009186@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA47088 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47088/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47088 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47088/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47088/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47088 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1293-1: http://www.ubuntu.com/usn/usn-1293-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 15:13:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 00:13:33 +0100 Subject: [SEC] [SA47166] SUSE update for Ruby on Rails Message-ID: <201112082313.pB8NDXeE032163@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for Ruby on Rails SECUNIA ADVISORY ID: SA47166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47166 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for Ruby on Rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, and conduct HTTP response splitting, cross-site scripting, cross-site request forgery, and SQL injection attacks. For more information: SA41930 SA43274 SA43278 SA45648 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1305-1: http://lists.opensuse.org/opensuse-updates/2011-12/msg00004.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 15:48:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 00:48:58 +0100 Subject: [SEC] [SA47135] Debian update for chasen Message-ID: <201112082348.pB8NmwMv023320@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for chasen SECUNIA ADVISORY ID: SA47135 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47135/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47135 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47135/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47135/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47135 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for chasen. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing strings and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply updated packages via the apt-get package manager. PROVIDED AND/OR DISCOVERED BY: Kenji Aiko, NetAgent Co via JVN. ORIGINAL ADVISORY: DSA-2361-1: http://www.debian.org/security/2011/dsa-2361 JVN: http://jvn.jp/en/jp/JVN16901583/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000099.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 16:15:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 01:15:21 +0100 Subject: [SEC] [SA47161] Adobe Flash Player Unspecified Code Execution Vulnerability Message-ID: <201112090015.pB90FLFD014043@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA47161 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47161/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47161 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47161/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47161/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47161 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error. No further information is currently available. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 11.1.102.55. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or disable the player. PROVIDED AND/OR DISCOVERED BY: Reportedly a module for VulnDisco Pack by Evgeny Legerov, Intevydis ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/dailydave/2011-q4/0081.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 16:48:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 01:48:27 +0100 Subject: [SEC] [SA47159] Red Hat update for kernel Message-ID: <201112090048.pB90mRBu005096@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA47159 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47159/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47159 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47159/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47159/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47159 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA43496 SA46489 SA46803 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1530-03: https://rhn.redhat.com/errata/RHSA-2011-1530.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 17:16:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 02:16:05 +0100 Subject: [SEC] [SA47130] Ubuntu update for kernel Message-ID: <201112090116.pB91G5bw028250@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for kernel SECUNIA ADVISORY ID: SA47130 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47130/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47130 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47130/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47130/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47130 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. For more information: SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1291-1: http://www.ubuntu.com/usn/usn-1291-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 17:48:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 02:48:32 +0100 Subject: [SEC] [SA47162] Red Hat Network Satellite Server "Description" Script Insertion Vulnerability Message-ID: <201112090148.pB91mWdR019284@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat Network Satellite Server "Description" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA47162 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47162/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47162 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47162/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47162/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47162 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Red Hat Network Satellite Server, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "Description" field of the asset key on the "Custom System Info" page is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits William Hoffmann. ORIGINAL ADVISORY: RHSA-2011:1794-1: https://rhn.redhat.com/errata/RHSA-2011-1794.html Red Hat Bugzilla - Bug 742050: https://bugzilla.redhat.com/show_bug.cgi?id=742050 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 18:14:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 03:14:05 +0100 Subject: [SEC] [SA47171] SUSE update for freetype2 Message-ID: <201112090214.pB92E5FV009955@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for freetype2 SECUNIA ADVISORY ID: SA47171 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47171/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47171 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47171/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47171/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47171 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA46575 SA46839 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1307-1: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00008.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 18:48:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 03:48:16 +0100 Subject: [SEC] [SA47138] SUSE update for freetype2 Message-ID: <201112090248.pB92mGmH000976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for freetype2 SECUNIA ADVISORY ID: SA47138 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47138/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47138 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47138/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47138/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47138 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for freetype2. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA45628 SA46575 SA46839 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1306-1: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 19:19:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 04:19:51 +0100 Subject: [SEC] [SA47080] SourceBans "xajaxargs[]" Two Local File Inclusion Vulnerabilities Message-ID: <201112090319.pB93Jpdb024869@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SourceBans "xajaxargs[]" Two Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA47080 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47080/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47080 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47080/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47080/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47080 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in SourceBans, which can be exploited by malicious users to disclose potentially sensitive information. Input passed to the "xajaxargs[]" parameter in index.php (when "xajax" is set to "SelTheme" or "ApplyTheme") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerabilities are confirmed in version 1.4.9. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Havok ORIGINAL ADVISORY: Havok: http://www.exploit-db.com/exploits/18215/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 19:48:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 04:48:41 +0100 Subject: [SEC] [SA47148] Ubuntu update for krb5 Message-ID: <201112090348.pB93mfm6015720@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for krb5 SECUNIA ADVISORY ID: SA47148 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47148/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47148 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47148/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47148/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47148 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA47124 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1290-1: http://www.ubuntu.com/usn/usn-1290-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 20:14:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 05:14:01 +0100 Subject: [SEC] [SA47115] ZENworks Asset Management rtrlet Component Arbitrary File Upload Vulnerability Message-ID: <201112090414.pB94E1IL006363@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ZENworks Asset Management rtrlet Component Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA47115 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47115/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47115 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47115/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47115/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47115 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ZENworks Asset Management, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of path names when uploading files via the rtrlet component. This can be exploited to upload malicious files to an arbitrary location via directory traversal sequences and URL-encoded NULL bytes in the file name. The vulnerability is reported in version 7.5 interim release IR 25. Other versions may also be affected. SOLUTION: Apply the SECURITY_Vulnerability_ZAM_7.5 patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: An anonymous person via ZDI. ORIGINAL ADVISORY: Novell: http://download.novell.com/Download?buildid=hPvHtXeNmCU~ ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-342/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 20:48:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 05:48:35 +0100 Subject: [SEC] [SA47160] Ubuntu update for colord Message-ID: <201112090448.pB94mZMX029879@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for colord SECUNIA ADVISORY ID: SA47160 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47160/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47160 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47160/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47160/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47160 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for colord. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct SQL injection attacks. For more information: SA46940 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1289-1: https://launchpad.net/ubuntu/+source/colord/0.1.12-1ubuntu2.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 21:13:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 06:13:37 +0100 Subject: [SEC] [SA47153] ISC DHCP Regular Expressions Denial of Service Vulnerability Message-ID: <201112090513.pB95DbXA020527@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ISC DHCP Regular Expressions Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47153 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47153/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47153 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47153/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47153/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47153 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ISC DHCP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error related to regular expressions, which can be exploited to cause the daemon to crash by sending specially crafted DHCP packets. Successful exploitation requires that the server is configured to evaluate expressions using regular expressions (e.g. uses the "~~" or "~=" comparison operators). The vulnerability is reported in versions 4.x prior to versions 4.1-ESV-R4 and 4.2.3-P1. SOLUTION: Update to versions 4.1-ESV-R4 or 4.2.3-P1. PROVIDED AND/OR DISCOVERED BY: The vendor credits BlueCat Networks. ORIGINAL ADVISORY: https://www.isc.org/software/dhcp/advisories/cve-2011-4539 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 21:48:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 06:48:18 +0100 Subject: [SEC] [SA47114] Trend Micro Control Manager "CGenericScheduler::AddTask()" Buffer Overflow Vulnerability Message-ID: <201112090548.pB95mIu9011653@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Trend Micro Control Manager "CGenericScheduler::AddTask()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47114 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47114/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47114 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47114/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47114/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47114 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Trend Micro Control Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "CGenericScheduler::AddTask()" function in cmdHandlerRedAlertController.dll when handling certain IPC packets. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 20101. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 5.5. Other versions may also be affected. SOLUTION: Update to version 5.5.0.1613. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma via ZDI. ORIGINAL ADVISORY: Trend Micro: http://www.trendmicro.com/ftp/documentation/readme/readme_critical_patch_TMCM55_1613.txt ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-345/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 8 22:13:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 07:13:23 +0100 Subject: [SEC] [SA47156] Red Hat update for kexec-tools Message-ID: <201112090613.pB96DNF4002225@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for kexec-tools SECUNIA ADVISORY ID: SA47156 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47156/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47156 RELEASE DATE: 2011-12-08 DISCUSS ADVISORY: http://secunia.com/advisories/47156/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47156/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47156 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kexec-tools. This fixes two security issues, which can be exploited by malicious, local users and malicious people to disclose sensitive information. 1) The security issue is caused due to the mkdumprd utility setting the "StrictHostKeyChecking" SSH-Parameter to "no" when using SSH targets, which can aid the disclosure of e.g. kdump core files by impersonating a kdump SSH server target via Man-in-the-Middle (MitM) attacks. 2) The security issue is caused due to the mkdumprd utility creating an initrd file with world-readable permissions, which can be exploited to disclose the e.g. private SSH key for a remote server when using SSH targets. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Kevan Carstensen. ORIGINAL ADVISORY: RHSA-2011:1532-03: https://rhn.redhat.com/errata/RHSA-2011-1532.html Red Hat Bug#716439: https://bugzilla.redhat.com/show_bug.cgi?id=716439 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 10:33:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 19:33:53 +0100 Subject: [SEC] [SA47040] HP Application Lifecycle Management Insecure Temporary Files Weakness Message-ID: <201112091833.pB9IXr6k029413@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Application Lifecycle Management Insecure Temporary Files Weakness SECUNIA ADVISORY ID: SA47040 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47040/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47040 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47040/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47040/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47040 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in HP Application Lifecycle Management, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The weakness is caused due to the uninstall script (foundation.sh) using temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The weakness is reported in version 11.00. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: 0a29406d9794e4f9b30b3c5d6702c708 ORIGINAL ADVISORY: http://0a29.blogspot.com/2011/12/0a29-11-2-privilege-escalation.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 11:33:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 20:33:11 +0100 Subject: [SEC] [SA47190] Joomla! JCE Component "name" Arbitrary File Upload Vulnerability Message-ID: <201112091933.pB9JXBfx021800@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla! JCE Component "name" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA47190 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47190/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47190 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47190/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47190/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47190 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the JCE component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the editor/extensions/browser/file.php script not properly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension. Successful exploitation requires "Author" privileges. The vulnerability is confirmed in version 2.0.17. Prior versions may also be affected. SOLUTION: Update to version 2.0.19. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. Additional information provided by Secunia Research. ORIGINAL ADVISORY: JCE: http://www.joomlacontenteditor.net/news/item/jce-2018-released?category_id=32 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 12:57:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 21:57:32 +0100 Subject: [SEC] [SA47172] SUSE update for opera Message-ID: <201112092057.pB9KvVQk015430@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for opera SECUNIA ADVISORY ID: SA47172 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47172/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47172 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47172/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47172/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47172 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for opera. This fixes multiple vulnerabilities, where one has an unknown impact and others can be exploited by malicious people to bypass certain security features, disclose potentially sensitive information, and hijack a user's session. For more information: SA47077 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1314-1: http://lists.opensuse.org/opensuse-updates/2011-12/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 13:44:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 22:44:09 +0100 Subject: [SEC] [SA47191] HomeSeer HS2 Cross-Site Request Forgery and Script Insertion Vulnerabilities Message-ID: <201112092144.pB9Li93w007167@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HomeSeer HS2 Cross-Site Request Forgery and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA47191 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47191/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47191 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47191/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47191/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47191 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in HomeSeer HS2, which can be exploited by malicious people to conduct cross-site request forgery and script insertion attacks. 1) Input passed via the URL is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute commands on a system by tricking a user into visiting a malicious web site. The vulnerabilities are confirmed in version 2.5.0.23. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences in a proxy. Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Silent Dream ORIGINAL ADVISORY: US-CERT (VU#796883): http://www.kb.cert.org/vuls/id/796883 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 14:26:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 23:26:31 +0100 Subject: [SEC] [SA47181] WordPress iCopyright(R) Article Tools Plugin Unspecified Vulnerability Message-ID: <201112092226.pB9MQVDl031063@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress iCopyright(R) Article Tools Plugin Unspecified Vulnerability SECUNIA ADVISORY ID: SA47181 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47181/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47181 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47181/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47181/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47181 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in the iCopyright(R) Article Tools plugin for WordPress. The vulnerability is caused due to an unspecified error. No further information is currently available. SOLUTION: Update to version 1.2 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wordpress.org/extend/plugins/copyright-licensing-tools/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 14:48:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Dec 2011 23:48:42 +0100 Subject: [SEC] [SA47200] SePortal "goto" SQL Injection Vulnerability Message-ID: <201112092248.pB9MmgnD021551@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SePortal "goto" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47200 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47200/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47200 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47200/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47200/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47200 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SePortal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "goto" parameter to redirect.php (when "action" is set to "banner") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Don ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18222/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 15:16:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 00:16:02 +0100 Subject: [SEC] [SA47165] SUSE update for openswan Message-ID: <201112092316.pB9NG2jd012326@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for openswan SECUNIA ADVISORY ID: SA47165 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47165/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47165 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47165/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47165/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47165 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for openswan. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA46681 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1310-1: https://hermes.opensuse.org/messages/12875537 SUSE-SU-2011:1311-1: https://hermes.opensuse.org/messages/12875536 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 16:51:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 01:51:53 +0100 Subject: [SEC] [SA47179] Red Hat update for perl Message-ID: <201112100051.pBA0prs8016877@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for perl SECUNIA ADVISORY ID: SA47179 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47179/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47179 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47179/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47179/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47179 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for perl. This fixes a weakness and two vulnerabilities, which can be exploited by malicious people to bypass certain security features and conduct HTTP response splitting attacks. For more information: SA42443 SA42461 SA43921 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1797-1: http://rhn.redhat.com/errata/RHSA-2011-1797.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 16:51:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 01:51:47 +0100 Subject: [SEC] [SA47192] Ubuntu update for linux-lts-backport-oneiric Message-ID: <201112100051.pBA0plK0016706@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-oneiric SECUNIA ADVISORY ID: SA47192 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47192/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47192 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47192/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47192/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47192 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-oneiric. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service) and by malicious people to cause a DoS. For more information: SA43576 SA44625 SA45420 SA46489 SA46584 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1294-1: http://www.ubuntu.com/usn/usn-1294-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 16:51:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 01:51:49 +0100 Subject: [SEC] [SA47188] SUSE update for apache2 Message-ID: <201112100051.pBA0pn71016771@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for apache2 SECUNIA ADVISORY ID: SA47188 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47188/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47188 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47188/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47188/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47188 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for apache2. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA45793 SA46288 SA46987 1) An error related to the handling of SSL renegotiations can be exploited to exhaust server resources by sending multiple SSL renegotiation requests. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1309-1: https://hermes.opensuse.org/messages/12869344 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 17:15:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 02:15:10 +0100 Subject: [SEC] [SA47155] acpid Power Button Event Handler Privilege Escalation Vulnerability Message-ID: <201112100115.pBA1FAcJ008205@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: acpid Power Button Event Handler Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA47155 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47155/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47155 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47155/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47155/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47155 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in acpid, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the "powerbtn.sh" script when identifying a process ID of the KDE session daemon. This can be exploited to inject commands via the DBUS_SESSION_BUS_ADDRESS environment variable. The vulnerability is reported in version 2.0.12. Other versions may also be affected. SOLUTION: Restrict access to trusted users only or disable power button event handling. PROVIDED AND/OR DISCOVERED BY: Oliver-Tobias Ripka ORIGINAL ADVISORY: https://bugs.launchpad.net/ubuntu/+source/acpid/+bug/893821 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 17:47:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 02:47:52 +0100 Subject: [SEC] [SA47169] Red Hat update for JBoss Enterprise Application Platform Message-ID: <201112100147.pBA1lqqo031597@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for JBoss Enterprise Application Platform SECUNIA ADVISORY ID: SA47169 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47169/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47169 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47169/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47169/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47169 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise Application Platform. This fixes a security issue, which can be exploited by malicious people to manipulate certain data. For more information: SA44496 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1798-01: https://rhn.redhat.com/errata/RHSA-2011-1798.html RHSA-2011:1799-01: https://rhn.redhat.com/errata/RHSA-2011-1799.html RHSA-2011:1800-01: https://rhn.redhat.com/errata/RHSA-2011-1800.html RHSA-2011:1805-01: https://rhn.redhat.com/errata/RHSA-2011-1805.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 18:35:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 03:35:49 +0100 Subject: [SEC] [SA47111] Red Hat update for JBoss Enterprise Web Platform Message-ID: <201112100235.pBA2ZnCs023368@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for JBoss Enterprise Web Platform SECUNIA ADVISORY ID: SA47111 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47111/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47111 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47111/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47111/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47111 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise Web Platform. This fixes a security issue, which can be exploited by malicious people to manipulate certain data. For more information: SA44496 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1802-01: https://rhn.redhat.com/errata/RHSA-2011-1802.html RHSA-2011:1803-01: https://rhn.redhat.com/errata/RHSA-2011-1803.html RHSA-2011:1804-01: https://rhn.redhat.com/errata/RHSA-2011-1804.html RHSA-2011:1806-01: https://rhn.redhat.com/errata/RHSA-2011-1806.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 19:17:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 04:17:42 +0100 Subject: [SEC] [SA47176] Apache Struts Conversion Error OGNL Expression Injection Vulnerability Message-ID: <201112100317.pBA3HgPB015244@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apache Struts Conversion Error OGNL Expression Injection Vulnerability SECUNIA ADVISORY ID: SA47176 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47176/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47176 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47176/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47176/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47176 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache Struts, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input sanitisation error, which can be exploited to to inject and execute OGNL expressions if a conversion error is encountered. The vulnerability is reported in versions 2.0.0 through 2.2.3. SOLUTION: Update to version 2.2.3.1. PROVIDED AND/OR DISCOVERED BY: Reported in a Struts bug report by Hideyuki Suzumi. ORIGINAL ADVISORY: http://struts.apache.org/2.x/docs/s2-007.html https://issues.apache.org/jira/browse/WW-3668 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 19:48:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 04:48:04 +0100 Subject: [SEC] [SA47193] Red Hat update for jasper Message-ID: <201112100348.pBA3m4u1006202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for jasper SECUNIA ADVISORY ID: SA47193 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47193/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47193 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47193/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47193/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47193 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for jasper. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA47175 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1807-01: https://rhn.redhat.com/errata/RHSA-2011-1807.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 20:14:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 05:14:07 +0100 Subject: [SEC] [SA47059] Asterisk Enumeration Weakness and Denial of Service Vulnerability Message-ID: <201112100414.pBA4E7nX029291@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Asterisk Enumeration Weakness and Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47059 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47059/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47059 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47059/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47059/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47059 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and vulnerability have been reported in Asterisk, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service). 1) The weakness is caused due to Asterisk responding on different ports for certain requests, which can be exploited to e.g. enumerate SIP peers. Successful exploitation requires that SIP endpoints with different NAT settings are used. 2) The vulnerability is caused due to a NULL pointer dereference error within the "handle_request_info()" function (channels/chan_sip.c) when the "automon" feature is enabled (disabled by default) and can be exploited to cause a crash by sending a sequence of specially crafted SIP packets. The weakness is reported in all Asterisk versions and the vulnerability is reported in versions 1.6.2.x prior to 1.6.2.21 and 1.8.x prior to 1.8.7.2. SOLUTION: Update to versions 1.6.2.21 and 1.8.7.2 or apply patches. Follow the vendor's instructions to prevent exploitation of weakness #1. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ben Williams 2) Kristijan Vrban ORIGINAL ADVISORY: Asterisk: http://downloads.asterisk.org/pub/security/AST-2011-013.html http://downloads.asterisk.org/pub/security/AST-2011-014.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 20:48:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 05:48:00 +0100 Subject: [SEC] [SA47140] HitAppoint "username" SQL Injection Vulnerability Message-ID: <201112100448.pBA4m0jT020384@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HitAppoint "username" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47140 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47140/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47140 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47140/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47140/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47140 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: pr0letariat has discovered a vulnerability in HitAppoint, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "username" parameter to index.php (if "nts-panel" is set to "anon/login") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in HitAppoint Lite 4.5.17. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: pr0letariat OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 21:31:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 06:31:58 +0100 Subject: [SEC] [SA47143] Ubuntu update for python-django Message-ID: <201112100531.pBA5VwOS011982@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for python-django SECUNIA ADVISORY ID: SA47143 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47143/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47143 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47143/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47143/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47143 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for python-django. This fixes some vulnerabilities, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service). For more information: SA45939 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1297-1: http://www.ubuntu.com/usn/usn-1297-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 9 22:17:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 07:17:40 +0100 Subject: [SEC] [SA47137] FFFTP Insecure Executable Loading Vulnerability Message-ID: <201112100617.pBA6Herc003630@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: FFFTP Insecure Executable Loading Vulnerability SECUNIA ADVISORY ID: SA47137 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47137/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47137 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47137/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47137/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47137 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FFFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading executables (e.g. readme.exe) in an insecure manner. This can be exploited to run an arbitrary program by tricking a user into e.g. opening a file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in version 1.98c and prior. SOLUTION: Update to version 1.98d. PROVIDED AND/OR DISCOVERED BY: JVN credits Fumihiko Sano. ORIGINAL ADVISORY: FFFTP: http://sourceforge.jp/projects/ffftp/wiki/Security JVN: http://jvn.jp/en/jp/JVN94002296/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000104.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 10:33:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 19:33:30 +0100 Subject: [SEC] [SA47175] JasPer JPEG2000 File Processing Two Vulnerabilities Message-ID: <201112101833.pBAIXULX030607@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: JasPer JPEG2000 File Processing Two Vulnerabilities SECUNIA ADVISORY ID: SA47175 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47175/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47175 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47175/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47175/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47175 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in JasPer, which can be exploited by malicious people to compromise an application using the library. 1) An error in the "jpc_cox_getcompparms()" function (src/libjasper/jpc/jpc_cs.c) when processing a coding style default (COD) marker segment can be exploited to overwrite a certain callback function pointer. 2) An error in the "jpc_crg_getparms()" function (src/libjasper/jpc/jpc_cs.c) when processing a component registration (CRG) marker segment can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in version 1.900.1. Other versions may also be affected. SOLUTION: Do not process files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Jonathan Foote, CERT/CC. ORIGINAL ADVISORY: US-CERT (VU#887409): http://www.kb.cert.org/vuls/id/887409 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 11:33:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 20:33:23 +0100 Subject: [SEC] [SA47180] Oracle Solaris Adobe Flash Player Multiple Vulnerabilities Message-ID: <201112101933.pBAJXNN3023042@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47180 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47180/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47180 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47180/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47180/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47180 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA46113 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer3 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 12:33:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 21:33:08 +0100 Subject: [SEC] [SA47177] Ubuntu update for dovecot Message-ID: <201112102033.pBAKX8E3015459@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for dovecot SECUNIA ADVISORY ID: SA47177 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47177/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47177 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47177/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47177/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47177 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA46886 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1295-1: http://www.ubuntu.com/usn/usn-1295-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 13:34:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 22:34:42 +0100 Subject: [SEC] [SA47170] Ubuntu update for acpid Message-ID: <201112102134.pBALYgsX007963@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for acpid SECUNIA ADVISORY ID: SA47170 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47170/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47170 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47170/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47170/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47170 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for acpid. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and gain escalated privileges. For more information: SA47071 SA47155 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1296-1: http://www.ubuntu.com/usn/usn-1296-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 14:27:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 23:27:39 +0100 Subject: [SEC] [SA47145] CyberLink Power2Go Project File Processing Two Buffer Overflow Vulnerabilities Message-ID: <201112102227.pBAMRdE2032400@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CyberLink Power2Go Project File Processing Two Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA47145 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47145/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47145 RELEASE DATE: 2011-12-09 DISCUSS ADVISORY: http://secunia.com/advisories/47145/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47145/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47145 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in CyberLink Power2Go, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the Power2Go project editor when parsing a filename field within project files can be exploited to cause a stack-based buffer overflow via a specially crafted P2G file. 2) A boundary error in the WaveEditor project editor when parsing a filename field within project files can be exploited to cause a stack-based buffer overflow via a specially crafted WVE file. Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into opening a malicious file. The vulnerabilities are confirmed in version 8.0.0.1031 and reported in version 7 Build 196. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Tom Gregory (modpr0be), Spentera ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18220/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 14:48:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Dec 2011 23:48:29 +0100 Subject: [SEC] [SA47149] Red Hat update for util-linux-ng Message-ID: <201112102248.pBAMmTI6022836@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for util-linux-ng SECUNIA ADVISORY ID: SA47149 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47149/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47149 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47149/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47149/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47149 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for util-linux-ng. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA43596 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1691-3: https://rhn.redhat.com/errata/RHSA-2011-1691.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 15:13:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Dec 2011 00:13:25 +0100 Subject: [SEC] [SA47142] Red Hat update for krb5 Message-ID: <201112102313.pBANDPdT013484@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for krb5 SECUNIA ADVISORY ID: SA47142 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47142/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47142 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47142/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47142/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47142 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for krb5. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA47124 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1790-1: https://rhn.redhat.com/errata/RHSA-2011-1790.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 15:48:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Dec 2011 00:48:12 +0100 Subject: [SEC] [SA47150] Red Hat update for cups Message-ID: <201112102348.pBANmCCo004602@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for cups SECUNIA ADVISORY ID: SA47150 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47150/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47150 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47150/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47150/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47150 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA45713 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1635-3: https://rhn.redhat.com/errata/RHSA-2011-1635.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 16:13:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Dec 2011 01:13:44 +0100 Subject: [SEC] [SA47124] Kerberos KDC "process_tgs_req()" NULL Pointer Dereference Denial of Service Vulnerability Message-ID: <201112110013.pBB0DiWO027668@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Kerberos KDC "process_tgs_req()" NULL Pointer Dereference Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47124 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47124/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47124 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47124/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47124/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47124 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Kerberos, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error within the "process_tgs_req()" function (src/kdc/do_tgs_req.c) and can be exploited to crash the KDC daemon by sending specially crafted TGS (Ticket Granting Service) requests. The vulnerability is reported in the krb5-1.9 branch. Prior branches are not affected. SOLUTION: Apply the patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Simo Sorce. ORIGINAL ADVISORY: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 16:48:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Dec 2011 01:48:41 +0100 Subject: [SEC] [SA47121] WordPress Pretty Link Plugin "url" Cross-Site Scripting Vulnerability Message-ID: <201112110048.pBB0mfSg018823@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress Pretty Link Plugin "url" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47121 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47121/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47121 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47121/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47121/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47121 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Pretty Link plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "url" parameter in wp-content/plugins/pretty-link/pretty-bar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.5.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Am!r ORIGINAL ADVISORY: http://packetstormsecurity.org/files/107551/wordpressprettylink-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 17:15:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Dec 2011 02:15:21 +0100 Subject: [SEC] [SA47109] Struts2 SessionAware / RequestAware Session Manipulation Weakness Message-ID: <201112110115.pBB1FLDd009562@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Struts2 SessionAware / RequestAware Session Manipulation Weakness SECUNIA ADVISORY ID: SA47109 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47109/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47109 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47109/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47109/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47109 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to the org.apache.struts2.interceptor.SessionAware or org.apache.struts2.interceptor.RequestAware interfaces not blocking access to the session map, which can be exploited to change the session map by sending specially crafted requests to an application using the interfaces in combination with auto-binding. SOLUTION: Add session to the list of ignored parameters. PROVIDED AND/OR DISCOVERED BY: Hisato Killing ORIGINAL ADVISORY: https://issues.apache.org/jira/browse/WW-2264 https://issues.apache.org/jira/browse/WW-3631 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 17:48:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Dec 2011 02:48:05 +0100 Subject: [SEC] [SA47133] Adobe Reader/Acrobat U3D Memory Corruption Vulnerability Message-ID: <201112110148.pBB1m565000506@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe Reader/Acrobat U3D Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA47133 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47133/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47133 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47133/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47133/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47133 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when handling U3D data. No further information is currently available. NOTE: This is currently being actively exploited in targeted attacks against Adobe Reader 9.x on Windows. The vulnerability is reported in the following products: * Adobe Reader X versions 10.1.1 and prior for Windows and Macintosh. * Adobe Reader versions 9.4.6 and prior for Windows, Macintosh, and UNIX. * Adobe Acrobat X versions 10.1.1 and prior for Windows and Macintosh. * Adobe Acrobat versions 9.4.6 and prior for Windows and Macintosh. SOLUTION: Do not open untrusted PDF files. A fix is scheduled to be released for Adobe Reader and Acrobat 9.x for Windows in the week of December 12, 2011. PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: http://www.adobe.com/support/security/advisories/apsa11-04.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Dec 10 18:13:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Dec 2011 03:13:00 +0100 Subject: [SEC] [SA47147] Red Hat update for libxml2 Message-ID: <201112110213.pBB2D0YB023610@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for libxml2 SECUNIA ADVISORY ID: SA47147 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47147/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47147 RELEASE DATE: 2011-12-07 DISCUSS ADVISORY: http://secunia.com/advisories/47147/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47147/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47147 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for libxml2. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA42175 SA42721 SA44711 SA45325 SA46632 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1749-3: https://rhn.redhat.com/errata/RHSA-2011-1749.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 10:39:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Dec 2011 19:39:25 +0100 Subject: [SEC] [SA47185] DoceboLMS "message[attach]" Arbitrary File Upload Vulnerability Message-ID: <201112121839.pBCIdPTD006652@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: DoceboLMS "message[attach]" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA47185 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47185/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47185 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47185/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47185/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47185 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in DoceboLMS, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "message[attach]" POST parameter in index.php (when "modname" is set to "message", "op" is set to "addmessage", "from" is set to "out", and "message[subject]" is not empty) is not properly verified before being used to upload files. This can be exploited to e.g. upload and execute arbitrary PHP files. The vulnerability is confirmed in version 4.0.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: mr_me::rwx kru ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18224/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 11:39:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Dec 2011 20:39:37 +0100 Subject: [SEC] [SA47182] WordPress UPM Polls Plugin "PID" SQL Injection Vulnerability Message-ID: <201112121939.pBCJdbtU031478@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress UPM Polls Plugin "PID" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47182 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47182/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47182 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47182/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47182/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47182 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the UPM Polls plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "PID" parameter to wp-admin/admin-ajax.php (when "action" is set to "upm_ayax_polls_result", "do" is set to "result", "type" is set to "general", and "post" is set to e.g. "1") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Saif El-Sherei ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18231/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 12:34:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Dec 2011 21:34:27 +0100 Subject: [SEC] [SA47243] WordPress WP Symposium Plugin "uid" Cross-Site Scripting Vulnerability Message-ID: <201112122034.pBCKYRdY023645@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress WP Symposium Plugin "uid" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47243 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47243/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47243 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47243/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47243/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47243 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in the WP Symposium plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "uid" parameter to wp-content/plugins/wp-symposium/uploadify/get_profile_avatar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 11.11.26. Other versions may also be affected. SOLUTION: Update to version 11.12.08. PROVIDED AND/OR DISCOVERED BY: Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-82/ WP Symposium: http://www.wpsymposium.com/2011/12/v11-12-08/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 13:36:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Dec 2011 22:36:39 +0100 Subject: [SEC] [SA47239] Fedora update for openswan Message-ID: <201112122136.pBCLad4M016196@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for openswan SECUNIA ADVISORY ID: SA47239 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47239/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47239 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47239/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47239/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47239 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openswan. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA46681 SOLUTION: Apply updated packages via the yum utility ("yum update openswan"). ORIGINAL ADVISORY: FEDORA-2011-15127: http://lists.fedoraproject.org/pipermail/package-announce/2011-December/070704.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 14:29:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Dec 2011 23:29:16 +0100 Subject: [SEC] [SA47174] Family Connections Cross-Site Request Forgery Vulnerability Message-ID: <201112122229.pBCMTGLu008247@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Family Connections Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA47174 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47174/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47174 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47174/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47174/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47174 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Family Connections, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's password by tricking a logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 2.7.2. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Ahmed Elhady Mohamed ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18232/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 14:54:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Dec 2011 23:54:26 +0100 Subject: [SEC] [SA47163] zFTPServer "RMD" Directory Traversal Vulnerability Message-ID: <201112122254.pBCMsQPG031282@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: zFTPServer "RMD" Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA47163 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47163/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47163 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47163/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47163/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47163 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in zFTPServer, which can be exploited by malicious users to manipulate certain data. The vulnerability is caused due to an error within the handling of the "RMD" command, which can be exploited to delete the FTP root by sending a specially crafted "RMD" command containing directory traversal sequences. Successful exploitation requires permissions to delete directories within the user's home directory. The vulnerability is confirmed in version 6.0.0.52. Other versions may also be affected. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: zFTPServer: http://forum.zftpserver.com/viewtopic.php?f=4&t=2927 Stefan Schurtz: http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0288.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 15:21:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 00:21:49 +0100 Subject: [SEC] [SA46882] Winamp AVI / IT File Processing Vulnerabilities Message-ID: <201112122321.pBCNLntd022075@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Winamp AVI / IT File Processing Vulnerabilities SECUNIA ADVISORY ID: SA46882 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46882/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46882 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/46882/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46882/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46882 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Winamp, which can be exploited by malicious people to compromise a user's system. 1) An integer overflow error in the in_avi.dll plugin when allocating memory using the number of streams header value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. 2) An integer overflow error in the in_avi.dll plugin when allocating memory using the RIFF INFO chunk's size value can be exploited to cause a heap-based buffer overflow via a specially crafted AVI file. 3) An error in the in_mod.dll plugin when parsing the song message data within Impulse Tracker (IT) files can be exploited to cause a heap-based buffer overflow. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in version 5.622. Other versions may also be affected. SOLUTION: Update to version 5.623. PROVIDED AND/OR DISCOVERED BY: 1, 2) Dmitriy Pletnev, Secunia Research. 3) Hossein Lotfi via Secunia. ORIGINAL ADVISORY: Winamp: http://forums.winamp.com/showthread.php?t=332010 Secunia Research: http://secunia.com/secunia_research/2011-81/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 15:47:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 00:47:08 +0100 Subject: [SEC] [SA47211] Rocks'n'Diamonds Insecure Directory Permissions Security Issue Message-ID: <201112122347.pBCNl8AH012729@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Rocks'n'Diamonds Insecure Directory Permissions Security Issue SECUNIA ADVISORY ID: SA47211 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47211/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47211 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47211/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47211/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47211 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Rocks'n'Diamonds, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application creating e.g. the "~/.rocksndiamonds/" directory with insecure permissions, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in version 3.3.0.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by Jakub Wilk in a Debian bug. ORIGINAL ADVISORY: Debian Bug #651620: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651620 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 16:14:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 01:14:43 +0100 Subject: [SEC] [SA47187] SUSE update for jasper Message-ID: <201112130014.pBD0Eh80003479@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for jasper SECUNIA ADVISORY ID: SA47187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47187 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for jasper. This fixes two vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA47175 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1317-1: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00010.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 16:49:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 01:49:30 +0100 Subject: [SEC] [SA47206] Debian update for acpid Message-ID: <201112130049.pBD0nUFb027052@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for acpid SECUNIA ADVISORY ID: SA47206 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47206/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47206 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47206/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47206/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47206 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for acpid. This fixes two security issues and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and gain escalated privileges. For more information: SA42947 SA47071 SA47155 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2362-1: http://lists.debian.org/debian-security-announce/2011/msg00240.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 17:15:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 02:15:32 +0100 Subject: [SEC] [SA47235] ClassifiedsGeek Pet Listing "bedroom_from" Cross-Site Scripting Vulnerability Message-ID: <201112130115.pBD1FWdH017754@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ClassifiedsGeek Pet Listing "bedroom_from" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47235 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47235/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47235 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47235/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47235/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47235 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mr.PaPaRoSSe has reported a vulnerability in ClassifiedsGeek Pet Listing, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "bedroom_from" to preview.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Mr.PaPaRoSSe ORIGINAL ADVISORY: http://paparosse.blogspot.com/2011/12/pet-listing-cross-site-scripting.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 12 17:50:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 02:50:28 +0100 Subject: [SEC] [SA47134] Oracle Java Software Update Spoofing Vulnerability Message-ID: <201112130150.pBD1oSS4008912@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Java Software Update Spoofing Vulnerability SECUNIA ADVISORY ID: SA47134 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47134/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47134 RELEASE DATE: 2011-12-12 DISCUSS ADVISORY: http://secunia.com/advisories/47134/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47134/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47134 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Francisco Amato has reported a vulnerability in Oracle Java, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the "Java Update" mechanism insecurely validating new updates and can be exploited to e.g. spoof an update via Man-in-the-Middle (MitM) attacks. This is related to vulnerability #12: SA32991 The vulnerability is reported in versions 1.6.0.28 and prior. SOLUTION: Do not use the "Java Update" utility. PROVIDED AND/OR DISCOVERED BY: Francisco Amato, Infobyte Security Research. ORIGINAL ADVISORY: Infobyte Security Research: http://blog.infobytesec.com/2011/12/pwning-java-update-process-2007-today.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 10:45:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 19:45:04 +0100 Subject: [SEC] [SA47126] Ubuntu update for linux-ti-omap4 Message-ID: <201112131845.pBDIj4Pm018035@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ti-omap4 SECUNIA ADVISORY ID: SA47126 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47126/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47126 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47126/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47126/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47126 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ti-omap4. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1302-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001521.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 12:05:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 21:05:22 +0100 Subject: [SEC] [SA47098] Microsoft Office Word Document Parsing Use-After-Free Vulnerability Message-ID: <201112132005.pBDK5Mij011455@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Office Word Document Parsing Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA47098 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47098/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47098 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47098/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47098/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47098 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error when parsing Word documents and can be exploited to dereference already freed memory. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nikita Tarakanov, CISS Research Team and Alexey Sintsov, Digital Security Research Group via ZDI. ORIGINAL ADVISORY: MS11-089 (KB2590602, KB2596785, KB2589320, KB2589320, KB2644347): http://technet.microsoft.com/en-us/security/bulletin/ms11-089 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 12:37:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 21:37:59 +0100 Subject: [SEC] [SA47117] Microsoft Windows Media DVR-MS Parsing Memory Corruption Vulnerability Message-ID: <201112132037.pBDKbxaV002423@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Media DVR-MS Parsing Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA47117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47117/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47117 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47117/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47117/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47117 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in Windows Media Player and Windows Media Center when parsing Microsoft Digital Video Recording files (DVR-MS) and can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via iDefense. ORIGINAL ADVISORY: MS11-092 (KB2648048, KB2619339, KB2619340): http://technet.microsoft.com/en-us/security/bulletin/ms11-092 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 13:40:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 22:40:06 +0100 Subject: [SEC] [SA47203] Microsoft Office Excel Record Parsing Memory Corruption Vulnerability Message-ID: <201112132140.pBDLe6ss027406@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Record Parsing Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA47203 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47203/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47203 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47203/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47203/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47203 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when handling certain objects while parsing records and can be exploited to corrupt memory. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via iDefense. ORIGINAL ADVISORY: MS11-096 (KB2640241, KB2596954, KB2644358): http://technet.microsoft.com/en-us/security/bulletin/ms11-096 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 14:36:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Dec 2011 23:36:05 +0100 Subject: [SEC] [SA47210] Microsoft Windows CSRSS Device Event Message Privilege Escalation Vulnerability Message-ID: <201112132236.pBDMa5Pe019648@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows CSRSS Device Event Message Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA47210 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47210/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47210 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47210/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47210/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47210 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the Client/Server Run-time Subsystem (CSRSS) within Csrsrv.dll when validating permissions for a device event message. This can be exploited by a low integrity process sending a message to a higher integrity process. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Alex Ionescu, Winsider Seminars & Solutions Inc. ORIGINAL ADVISORY: MS11-097 (KB2620712): http://technet.microsoft.com/en-us/security/bulletin/ms11-097 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 15:03:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 00:03:13 +0100 Subject: [SEC] [SA47207] Microsoft Windows OLE Objects Property Handling Vulnerability Message-ID: <201112132303.pBDN3DZL010425@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows OLE Objects Property Handling Vulnerability SECUNIA ADVISORY ID: SA47207 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47207 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47207/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47207/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47207 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when handling certain properties of an Object Linking and Embedding (OLE) object and can be exploited via a specially crafted file containing an OLE object. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a specially crafted file. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via iDefense. ORIGINAL ADVISORY: MS11-093 (KB2624667): http://technet.microsoft.com/en-us/security/bulletin/ms11-093 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 15:36:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 00:36:14 +0100 Subject: [SEC] [SA47213] Microsoft Office PowerPoint OfficeArt Record Parsing Vulnerability Message-ID: <201112132336.pBDNaE4f001394@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Office PowerPoint OfficeArt Record Parsing Vulnerability SECUNIA ADVISORY ID: SA47213 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47213/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47213 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47213/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47213/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47213 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing OfficeArt Shape records. This can be exploited to corrupt memory via a specially crafted PowerPoint file. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via ZDI. ORIGINAL ADVISORY: MS11-094 (KB2596764, KB2596843, KB2596912, KB2644354): http://technet.microsoft.com/en-us/security/bulletin/ms11-094 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 16:05:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 01:05:57 +0100 Subject: [SEC] [SA47099] Microsoft Time ActiveX Control Code Execution Vulnerability Message-ID: <201112140005.pBE05vVg024742@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Time ActiveX Control Code Execution Vulnerability SECUNIA ADVISORY ID: SA47099 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47099/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47099 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47099/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47099/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47099 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the bundled Microsoft Time ActiveX control (DATIME.DLL). Successful exploitation allows execution of arbitrary code when viewing a specially crafted web page using Internet Explorer. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via iDefense. ORIGINAL ADVISORY: MS11-090 (KB2618451): http://technet.microsoft.com/en-us/security/bulletin/ms11-090 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 16:32:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 01:32:18 +0100 Subject: [SEC] [SA47204] Microsoft Windows Kernel Exception Handler Privilege Escalation Vulnerability Message-ID: <201112140032.pBE0WIMH015486@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Kernel Exception Handler Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA47204 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47204/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47204 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47204/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47204/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47204 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due an error within certain exception handlers in the kernel when handling objects, which can be exploited to execute arbitrary code with kernel-mode privileges. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Matthew Jurczyk via iDefense. ORIGINAL ADVISORY: MS11-098 (KB2633171): http://technet.microsoft.com/en-us/security/bulletin/ms11-098 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 17:09:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 02:09:46 +0100 Subject: [SEC] [SA47202] Microsoft Windows Active Directory Query Processing Buffer Overflow Vulnerability Message-ID: <201112140109.pBE19kJ7006773@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Active Directory Query Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47202 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47202/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47202 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47202/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47202/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47202 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error within the implementations of Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) when handling certain queries. This can be exploited to cause a buffer overflow via a specially crafted query. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-095 (KB2640045, KB2626416, KB2621146): http://technet.microsoft.com/en-us/security/bulletin/ms11-095 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 17:29:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 02:29:42 +0100 Subject: [SEC] [SA47208] Microsoft Office PowerPoint Insecure Library Loading Vulnerability Message-ID: <201112140129.pBE1Tgch029538@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Office PowerPoint Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA47208 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47208/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47208 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47208/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47208/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47208 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office PowerPoint, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading unspecified libraries in an insecure manner. This can be exploited to load an arbitrary library by tricking a user into opening a PowerPoint file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Greg MacManus, iSIGHT Partners Labs. ORIGINAL ADVISORY: MS11-094 (KB2596764, KB2553185): http://technet.microsoft.com/en-us/security/bulletin/ms11-094 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 17:50:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 02:50:12 +0100 Subject: [SEC] [SA47062] Microsoft Office Pinyin IME for Simplified Chinese Privilege Escalation Message-ID: <201112140150.pBE1oC2B019964@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Office Pinyin IME for Simplified Chinese Privilege Escalation SECUNIA ADVISORY ID: SA47062 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47062/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47062 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47062/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47062/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47062 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Office, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Microsoft Pinyin (MSPY) Input Method Editor (IME) for Simplified Chinese unsafely exposing certain configuration options, which can be exploited to execute arbitrary code with kernel-mode privileges. NOTE: Microsoft Pinyin IME is installed by default with Office 2010 Chinese edition. It is an optional component for other language versions. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Yang Yanbei. ORIGINAL ADVISORY: MS11-088 (KB2652016, KB2596511, KB2647540): http://technet.microsoft.com/en-us/security/bulletin/ms11-088 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 18:15:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 03:15:18 +0100 Subject: [SEC] [SA47194] Ubuntu update for linux-lts-backport-natty Message-ID: <201112140215.pBE2FIYC010630@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-natty SECUNIA ADVISORY ID: SA47194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47194 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-natty. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. For more information: SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1301-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001520.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 18:50:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 03:50:06 +0100 Subject: [SEC] [SA47189] Ubuntu update for linux-fsl-imx51 Message-ID: <201112140250.pBE2o6v6001713@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-fsl-imx51 SECUNIA ADVISORY ID: SA47189 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47189/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47189 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47189/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47189/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47189 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-fsl-imx51. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. For more information: SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1300-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001519.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 19:21:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 04:21:33 +0100 Subject: [SEC] [SA46996] Ubuntu update for linux-ti-omap4 Message-ID: <201112140321.pBE3LX2r025651@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ti-omap4 SECUNIA ADVISORY ID: SA46996 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46996/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46996 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/46996/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46996/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46996 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ti-omap4. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA44625 SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1304-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001523.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 19:47:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 04:47:17 +0100 Subject: [SEC] [SA47060] Ubuntu update for linux-mvl-dove Message-ID: <201112140347.pBE3lHjt016345@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-mvl-dove SECUNIA ADVISORY ID: SA47060 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47060/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47060 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47060/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47060/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47060 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-mvl-dove. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA43576 SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1303-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001522.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 20:16:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 05:16:43 +0100 Subject: [SEC] [SA47198] WordPress SCORM Cloud For WordPress Plugin "active" SQL Injection Vulnerability Message-ID: <201112140416.pBE4GhFX007219@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress SCORM Cloud For WordPress Plugin "active" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47198 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the SCORM Cloud For WordPress plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "active" POST parameter to ajax.php (when "action" is set to "setactive") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.6.6. Prior versions may also be affected. SOLUTION: Update to version 1.0.7. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SCORM Cloud For WordPress: http://wordpress.org/extend/plugins/scormcloud/changelog/ http://plugins.trac.wordpress.org/changeset/435356/scormcloud OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 20:47:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 05:47:20 +0100 Subject: [SEC] [SA47186] Ubuntu update for linux-ec2 Message-ID: <201112140447.pBE4lKWZ030539@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ec2 SECUNIA ADVISORY ID: SA47186 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47186/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47186 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47186/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47186/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47186 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ec2. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA43576 SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1299-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001518.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 21:12:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 06:12:55 +0100 Subject: [SEC] [SA47195] Cacti Multiple Vulnerabilities Message-ID: <201112140512.pBE5Ctr5021231@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Cacti Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47195 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47195/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47195 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47195/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47195/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47195 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cacti, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to the "default_height" and "default_width" parameters in graph_settings.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "num_columns" parameter in graph_settings.php is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. 3) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. log out a user when a logged-in user visits a specially crafted web page. The vulnerabilities are reported in versions prior to 0.8.7i. SOLUTION: Update to version 0.8.7i. PROVIDED AND/OR DISCOVERED BY: red_garlic within a Cacti forum post. ORIGINAL ADVISORY: Cacti: http://forums.cacti.net/viewtopic.php?f=4&t=45871 http://forums.cacti.net/viewtopic.php?f=21&t=44116 http://bugs.cacti.net/view.php?id=2062 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 21:47:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 06:47:31 +0100 Subject: [SEC] [SA47212] Microsoft Internet Explorer Three Vulnerabilities Message-ID: <201112140547.pBE5lVSY012375@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Internet Explorer Three Vulnerabilities SECUNIA ADVISORY ID: SA47212 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47212/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47212 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47212/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47212/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47212 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Three vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) An error within the XSS Filter feature when handling certain events can be exploited to disclose information from another domain or Internet Explorer zone. NOTE: This vulnerability only affects Internet Explorer 8. 2) The application loads certain libraries in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening an HTML file located on a remote WebDAV or SMB share. NOTE: This vulnerability only affects Internet Explorer 9. 3) An error within the handling of the Content-Disposition header can be exploited to disclose information from another domain or Internet Explorer zone. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Thomas Stehle 2) Andy Cooper, Citrix Security Team 3) Robert Swiecki, Google ORIGINAL ADVISORY: MS11-099 (KB2618444): http://technet.microsoft.com/en-us/security/bulletin/ms11-099 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 13 22:11:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 07:11:55 +0100 Subject: [SEC] [SA47178] SUSE update for dhcp Message-ID: <201112140611.pBE6Btu4002952@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for dhcp SECUNIA ADVISORY ID: SA47178 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47178/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47178 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47178/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47178/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47178 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA47153 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1318-1: http://lists.opensuse.org/opensuse-updates/2011-12/msg00006.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 10:36:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 19:36:16 +0100 Subject: [SEC] [SA47250] Fork CMS Two Cross-Site Scripting Vulnerabilities Message-ID: <201112141836.pBEIaG04030374@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fork CMS Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47250 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in Fork CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "q_widget" parameter is not properly sanitised before being returned to the user as part of a canonical URL. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of the vulnerabilities requires that the victim uses a browser that does not URL-encode the request (e.g. Internet Explorer 6). The vulnerabilities are confirmed in version 3.1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Avram Marius Gabriel (d3v1l) ORIGINAL ADVISORY: http://packetstormsecurity.org/files/107815/forkcms-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 11:35:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 20:35:25 +0100 Subject: [SEC] [SA47218] IBM Tivoli Federated Identity Manager SAML Signature Validation Security Bypass Message-ID: <201112141935.pBEJZPbB022769@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Federated Identity Manager SAML Signature Validation Security Bypass SECUNIA ADVISORY ID: SA47218 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47218/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47218 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47218/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47218/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47218 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when validating SAML signatures and can be exploited to bypass the signature validation mechanism via a non-conforming SAML signature. Successful exploitation requires the use of SAML based protocols (SAML 1.0, 1.1, or 2.0) or Security Token Service modules. The vulnerability is reported in versions 6.1.1, 6.2.0, and 6.2.1. SOLUTION: Update to version 6.1.1 Interim Fix 12, 6.2.0 Interim Fix 10, or 6.2.1 Fix Pack 2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IV10793, IV10801, IV10813): http://www.ibm.com/support/docview.wss?uid=swg21575309 http://www.ibm.com/support/docview.wss?uid=swg24031351 http://www.ibm.com/support/docview.wss?uid=swg24031348 http://www.ibm.com/support/docview.wss?uid=swg24029500 IBM X-Force: http://xforce.iss.net/xforce/xfdb/71686 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 12:32:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 21:32:40 +0100 Subject: [SEC] [SA47222] IBM AIX Inventory Scout Data Manipulation and File Deletion Vulnerabilities Message-ID: <201112142032.pBEKWedA015067@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM AIX Inventory Scout Data Manipulation and File Deletion Vulnerabilities SECUNIA ADVISORY ID: SA47222 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47222/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47222 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47222/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47222/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47222 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in IBM AIX, which can be exploited by malicious, local users to manipulate certain data and perform certain actions with escalated privileges. 1) An error within inventory scout can be exploited to manipulate certain files via symlink attacks. 2) An unspecified error within inventory scout can be exploited to delete certain system files. The vulnerabilities are reported in AIX 5.3, 6.1, and 7.1 running invscout.rte versions prior to 2.2.0.19. SOLUTION: Apply APAR IV11643. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jakub Wartak ORIGINAL ADVISORY: IBM (IV11643): http://aix.software.ibm.com/aix/efixes/security/invscout_advisory2.asc IBM X-Force: http://xforce.iss.net/xforce/xfdb/71615 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 13:33:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 22:33:25 +0100 Subject: [SEC] [SA47255] RSA Adaptive Authentication On-Premise Two Security Bypass Vulnerabilities Message-ID: <201112142133.pBELXPG1007537@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: RSA Adaptive Authentication On-Premise Two Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA47255 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47255/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47255 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47255/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47255/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47255 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in RSA Adaptive Authentication, which can be exploited by malicious people to bypass certain security restrictions. 1) An error when validating certain data elements passed to the application can be exploited to perform a device recovery on a non-registered device or a registered device with forensic differences. 2) An error when validating device tokens from mobile applications can be exploited to allow access without a challenge. The vulnerabilities are reported in the following versions: * 6.0.2.1 SP1 Patch 2 * 6.0.2.1 SP1 Patch 3 * 6.0.2.1 SP2 * 6.0.2.1 SP2 Patch 1 * 6.0.2.1 SP3 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-12/att-0073/ESA-2011-036.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 14:26:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 23:26:06 +0100 Subject: [SEC] [SA46766] PHP-SCMS "lang" Cross-Site Scripting Vulnerability Message-ID: <201112142226.pBEMQ6ew031985@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PHP-SCMS "lang" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46766 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46766/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46766 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/46766/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46766/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46766 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in PHP-SCMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "lang" parameter to index.php is not properly sanitised in templates/default/Admin/Login.html before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.6.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 14:48:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Dec 2011 23:48:52 +0100 Subject: [SEC] [SA47225] Pulse Pro CMS Sensitive Information Disclosure and Cross-Site Scripting Vulnerabilities Message-ID: <201112142248.pBEMmqTI022540@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Pulse Pro CMS Sensitive Information Disclosure and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47225 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47225/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47225 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47225/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47225/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47225 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and two vulnerabilities have been reported in Pulse Pro CMS, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks. 1) The application stores backups with predictable file names inside the data/backups directory, which can be exploited to disclose sensitive information by downloading a file. This is related to: SA44315 2) Input passed to the "d" parameter in index.php (when "p" is set to "blocks") and the "post_id" parameter in index.php (when "p" is set to "edit-post") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 1.7.2. Other versions may also be affected. SOLUTION: Restrict access to the "data/backups" directory (e.g. via .htaccess). Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 1) KedAns-Dz 2) d3v1l ORIGINAL ADVISORY: d3v1l: http://packetstormsecurity.org/files/107830/pulsepro172-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 15:13:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 00:13:40 +0100 Subject: [SEC] [SA47005] Social Book Facebook clone 2010 Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201112142313.pBENDegx013171@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Social Book Facebook clone 2010 Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47005 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47005/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47005 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47005/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47005/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47005 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Social Book Facebook clone 2010, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to index.php, signup.php, lostpass.php, login.php, help_tos.php, help_contact.php, and help.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Eyup CELIK ORIGINAL ADVISORY: http://packetstormsecurity.org/files/107344/socialbook-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 15:46:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 00:46:58 +0100 Subject: [SEC] [SA47232] Splunk Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities Message-ID: <201112142346.pBENkw8N004248@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Splunk Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA47232 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47232/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47232 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47232/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47232/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47232 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Splunk, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. execute arbitrary code when a logged-in administrator visits a specially crafted web page. The vulnerabilities are reported in versions 4.2 through 4.2.4. SOLUTION: Update to version 4.2.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Emmanuel Bouillon, NATO C3 Agency 2) Gary Oleary-Steele ORIGINAL ADVISORY: Splunk: http://www.splunk.com/view/SP-CAAAGMM OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 16:16:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 01:16:52 +0100 Subject: [SEC] [SA47146] International Components for Unicode (ICU) "_canonicalize()" Buffer Overflow Vulnerability Message-ID: <201112150016.pBF0GqRn027540@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: International Components for Unicode (ICU) "_canonicalize()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47146 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the International Components for Unicode (ICU), which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an error within the "_canonicalize()" function (source/common/uloc.c) and can be exploited to cause a stack-based buffer overflow via specially crafted locale IDs. The vulnerability is reported in icu4c 4.8.1.1 (C/C++ version). Other versions may be also affected. SOLUTION: There's currently no known effective workaround. PROVIDED AND/OR DISCOVERED BY: Reported in a Chromium bug report. ORIGINAL ADVISORY: ICU bug #8984: http://bugs.icu-project.org/trac/ticket/8984 Chromium bug #106441: http://code.google.com/p/chromium/issues/detail?id=106441 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 16:47:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 01:47:39 +0100 Subject: [SEC] [SA47247] Ubuntu update for nova Message-ID: <201112150047.pBF0ld0q018477@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for nova SECUNIA ADVISORY ID: SA47247 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47247/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47247 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47247/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47247/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47247 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for nova. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA47254 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1305-1: http://www.ubuntu.com/usn/usn-1305-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 17:15:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 02:15:04 +0100 Subject: [SEC] [SA47254] OpenStack Nova EC2 RegisterImage Action Directory Traversal Vulnerabilities Message-ID: <201112150115.pBF1F4kf009270@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: OpenStack Nova EC2 RegisterImage Action Directory Traversal Vulnerabilities SECUNIA ADVISORY ID: SA47254 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47254/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47254 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47254/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47254/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47254 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in OpenStack Compute (Nova), which can be exploited by malicious users to compromise a vulnerable system. 1) The application does not properly sanitise image file names in EC2 image manifests when handling the EC2 RegisterImage action, which can be exploited to create files outside the intended directories via directory traversal attacks. 2) The application does not properly sanitise file names contained in EC2 image tarfiles when handling the EC2 RegisterImage action, which can be exploited to create files outside the intended directories via directory traversal attacks. Successful exploitation requires access to the EC2 API and the S3/RegisterImage action. The vulnerabilities are reported in version 2011.3 and prior. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: David Black ORIGINAL ADVISORY: OSSA 2011-001: https://lists.launchpad.net/openstack/msg06105.html https://bugs.launchpad.net/nova/+bug/885167 https://bugs.launchpad.net/nova/+bug/894755 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 17:47:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 02:47:45 +0100 Subject: [SEC] [SA47228] Red Hat update for ipmitool Message-ID: <201112150147.pBF1ljs9032690@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for ipmitool SECUNIA ADVISORY ID: SA47228 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47228/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47228 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47228/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47228/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47228 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for ipmitool. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA47173 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1814-01: https://rhn.redhat.com/errata/RHSA-2011-1814.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 18:13:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 03:13:09 +0100 Subject: [SEC] [SA46893] Simple PHP Blog "entry" and "category" Cross-Site Scripting Vulnerabilities Message-ID: <201112150213.pBF2D9uP023387@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Simple PHP Blog "entry" and "category" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46893 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46893/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46893 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/46893/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46893/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46893 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: mghack has discovered two vulnerabilities in Simple PHP Blog, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "entry" parameter to delete.php and the "category" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 0.7.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: mghack via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 18:47:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 03:47:10 +0100 Subject: [SEC] [SA47227] Red Hat update for icu Message-ID: <201112150247.pBF2lAE0014499@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for icu SECUNIA ADVISORY ID: SA47227 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47227/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47227 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47227/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47227/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47227 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for icu. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library. For more information: SA47146 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1815-01: https://rhn.redhat.com/errata/RHSA-2011-1815.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 19:16:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 04:16:28 +0100 Subject: [SEC] [SA47252] Bokken Insecure Temporary File Security Issue Message-ID: <201112150316.pBF3GS9K005847@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Bokken Insecure Temporary File Security Issue SECUNIA ADVISORY ID: SA47252 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47252/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47252 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47252/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47252/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47252 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in Bokken, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application creating a temporary file (e.g. "/tmp/graph.dot") in an insecure manner, which can be exploited to overwrite arbitrary files via symlink attacks. Successful exploitation requires that the radare backend is used. The security issue is confirmed in version 1.5. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. Do not use the radare backend. PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug by Paul Wise. ORIGINAL ADVISORY: Debian bug #651931: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651931 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 19:46:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 04:46:37 +0100 Subject: [SEC] [SA47242] HTC Touch2 HTCVideoPlayer File Processing Memory Corruption Vulnerability Message-ID: <201112150346.pBF3kbqm029143@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HTC Touch2 HTCVideoPlayer File Processing Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA47242 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47242/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47242 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47242/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47242/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47242 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SignalSEC Labs has reported a vulnerability in HTC Touch2, which can be exploited by malicious people to compromise a user's device. The vulnerability is caused due to an error in HTCVideoPlayer.exe when parsing the "stbl" atom. This can be exploited to corrupt memory via a specially crafted 3G2 video file. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into viewing a malicious file. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Celil UNUVER, SignalSEC Labs ORIGINAL ADVISORY: SignalSEC Labs: http://archives.neohapsis.com/archives/bugtraq/2011-12/0055.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 20:11:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 05:11:32 +0100 Subject: [SEC] [SA47209] Squiz Matrix "a" User Enumeration Weakness Message-ID: <201112150411.pBF4BWHa019787@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Squiz Matrix "a" User Enumeration Weakness SECUNIA ADVISORY ID: SA47209 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47209/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47209 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47209/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47209/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47209 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Troy Rose has reported a weakness in Squiz Matrix, which can be exploited by malicious people to disclose sensitive information. The weakness is caused due to the application displaying the username for an asset when the id is provided via the "a" parameter, which can be exploited to enumerate all valid usernames. The weakness is reported in versions 4.4.4 and prior and versions 4.6.0 and prior. SOLUTION: Update to version 4.4.5 or 4.6.1. PROVIDED AND/OR DISCOVERED BY: Troy Rose, OSI Security. ORIGINAL ADVISORY: OSI Security: http://www.osisecurity.com.au/advisories/squiz-matrix-user-enumeration OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 20:48:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 05:48:00 +0100 Subject: [SEC] [SA47019] Schneider Electric Ethernet Modules Undocumented Account Security Issues Message-ID: <201112150448.pBF4m0Qv011019@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Schneider Electric Ethernet Modules Undocumented Account Security Issues SECUNIA ADVISORY ID: SA47019 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47019/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47019 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47019/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47019/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47019 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ruben Santamarta has reported some security issues in multiple Schneider Electric modules, which can be exploited by malicious people to bypass certain security restrictions. 1) The Telnet service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify module's memory and execute arbitrary code. 2) The Windriver Debug service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify module's memory and execute arbitrary code. 3) The FTP service contains undocumented hardcoded credentials, which can be exploited to gain access to the service and e.g. modify HTTP passwords and upload malicious firmware. Please see the ICS-CERT's advisory for a list of affected products and versions. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Ruben Santamarta ORIGINAL ADVISORY: Ruben Santamarta: http://reversemode.com/index.php?option=com_content&task=view&id=80&Itemid=1 ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-346-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 21:13:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 06:13:44 +0100 Subject: [SEC] [SA47231] Google Chrome Multiple Vulnerabilities Message-ID: <201112150513.pBF5Di3S001638@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47231 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47231/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47231 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47231/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47231/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47231 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, and compromise a user's system. 1) An error within regex matching can be exploited to cause an out-of-bounds read. 2) An error in libxml can be exploited to cause an out-of-bounds read. 3) An error in the PDF parser can be exploited to cause an out-of-bounds read. 4) An error in the view-source functionality can be exploited to spoof a URL bar. 5) An error within SVG parsing can be exploited to cause an out-of-bounds read. 6) An error when handling a CSS property array can be exploited to corrupt memory. NOTE: This vulnerability affects the 64-bit platforms only. 7) An error when handling YUV video frames can be exploited to cause an out-of-bounds read. 8) An error within PDF handling can be exploited to cause an out-of-bounds read. 9) A use-after-free error exists in SVG filters. 10) A use-after-free error exists within Range handling. 11) An error within v8 i18n handling can be exploited to cause an out-of-bounds write. 12) An error when handling certain PDF fonts can be exploited to cause a buffer overflow. 13) An error when handling PDF cross references can be exploited to cause an out-of-bounds read. 14) An error in FileWatcher can be exploited to cause a stack-based buffer overflow. 15) A use-after-free error exists within bidi handling. Successful exploitation of vulnerabilities #6, #9 - #12, #14, and #15 may allow execution of arbitrary code. SOLUTION: Upgrade to version 16.0.912.63. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) David Holloway, Chromium development community 2, 15) Inferno, Google Chrome Security Team 3, 5) Aki Helin, OUSPG 4) Luka Treiber, ACROS Security 6, 8) scarybeasts, Google Chrome Security Team 6) Chu 7) Cris Neckar, Google Chrome Security Team 8) Robert Swiecki, Google Security Team. 9, 10) Arthur Gerkis. 11) Slawomir Blazek 12, 13) Atte Kettunen, OUSPG 14) Marty Barbella, Google Chrome Security Team 15) miaubiz. ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.com/2011/12/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 21:48:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 06:48:38 +0100 Subject: [SEC] [SA47251] Adobe ColdFusion Two Cross-Site Scripting Vulnerabilities Message-ID: <201112150548.pBF5mc43025261@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Adobe ColdFusion Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47251 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47251/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47251 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47251/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47251/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47251 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Adobe ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the cfform tag is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the RDS (Remote Development Services) component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions 9.0.1, 9.0, 8.0.1, and 8.0 for Windows, Macintosh, and UNIX. SOLUTION: Apply hotfix (please see the vendor's advisory for more information). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Shawn Gorrell and Howard Fore, Federal Reserve Bank. 2) Oren Hafif, Hacktics ASC, Ernst & Young. ORIGINAL ADVISORY: Adobe (APSB11-29): http://www.adobe.com/support/security/bulletins/apsb11-29.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 14 22:13:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 07:13:19 +0100 Subject: [SEC] [SA47238] Joomla! QContacts Component "filter_order" SQL Injection Vulnerability Message-ID: <201112150613.pBF6DJ5f015902@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla! QContacts Component "filter_order" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47238 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47238/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47238 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47238/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47238/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47238 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the QContacts component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "filter_order" parameter to index.php (when "option" is set to "com_qcontacts" and "filter_order_Dir" is set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Don OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 10:40:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 19:40:14 +0100 Subject: [SEC] [SA47217] BrowserCRM Multiple Vulnerabilities Message-ID: <201112151840.pBFIeE9s006845@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: BrowserCRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47217 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47217/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47217 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47217/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47217/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47217 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in BrowserCRM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the URL appended to e.g. index.php, modules/admin/admin_module_index.php, and modules/calendar/customise_calendar_times.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "framed" parameter to license/index.php and licence/view.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "login[]" POST parameters to index.php or pub/clients.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed to the "parent_id" parameter in modules/Documents/version_list.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 5) Input passed to the "contact_id" parameter in modules/Documents/index.php (when "id" is set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 6) Input passed to the "login[username]" POST parameter in index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 5.100.01. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB23059: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_browser_crm.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 11:35:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 20:35:57 +0100 Subject: [SEC] [SA46881] Seotoaster "selectUserIdByLoginPass()" SQL Injection Vulnerability Message-ID: <201112151935.pBFJZvLh031450@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Seotoaster "selectUserIdByLoginPass()" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46881 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46881/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46881 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/46881/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46881/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46881 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in Seotoaster, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "login" parameter to sys/login/index or the "memberLoginName" parameter to sys/login/member is not properly sanitised in the "selectUserIdByLoginPass()" function in seotoaster_core/application/models/LoginModel.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Note: This can further be exploited to bypass the authentication mechanism. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 1.9. Other versions may also be affected. SOLUTION: The vendor has released an updated version 1.9 on December 15th 2011. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 12:36:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 21:36:46 +0100 Subject: [SEC] [SA47119] JBoss Enterprise Portal Platform Redirection and Cross-Site Scripting Vulnerabilities Message-ID: <201112152036.pBFKakhI023939@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: JBoss Enterprise Portal Platform Redirection and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47119 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47119/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47119 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47119/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47119/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47119 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in JBoss Enterprise Portal Platform, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) Input passed to the "initialURI" parameter in the login page is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 5.2.0. SOLUTION: Update to version 5.2.0. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Christopher Hartley. 2) Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:1822-01: https://rhn.redhat.com/errata/RHSA-2011-1822.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 13:38:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 22:38:48 +0100 Subject: [SEC] [SA47233] HP-UX update for Java Message-ID: <201112152138.pBFLcm1Z016483@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP-UX update for Java SECUNIA ADVISORY ID: SA47233 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47233/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47233 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47233/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47233/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47233 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA44784 The vulnerabilities are reported in the following versions: * HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 6.0.11 and prior. * HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 5.0.23 and prior. * HP-UX B.11.11, B.11.23, and B.11.31 running HP JDK and JRE 1.4.2.26 and prior. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: HPSBUX02697 SSRT100591: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02945548 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 14:58:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 23:58:37 +0100 Subject: [SEC] [SA47267] Red Hat update for dhcp Message-ID: <201112152258.pBFMwbmv020274@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for dhcp SECUNIA ADVISORY ID: SA47267 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47267/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47267 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47267/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47267/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47267 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA47153 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1819-01: https://rhn.redhat.com/errata/RHSA-2011-1819.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 14:58:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 23:58:32 +0100 Subject: [SEC] [SA47221] Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability Message-ID: <201112152258.pBFMwW04020152@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Hitachi JP1/ServerConductor/DeploymentManager Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA47221 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47221/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47221 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47221/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47221/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47221 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hitachi JP1/ServerConductor/DeploymentManager, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an input validation error in the DeploymentManager PXE Mtftp service and can be exploited to download files from arbitrary locations via directory traversal sequences. SOLUTION: Please see the vendor's advisory for fix information. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (HS11-026): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-026/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 14:58:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Dec 2011 23:58:37 +0100 Subject: [SEC] [SA47249] Drupal Meta tags quick Module Script Insertion Vulnerability Message-ID: <201112152258.pBFMwbZX020269@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Drupal Meta tags quick Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA47249 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47249/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47249 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47249/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47249/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47249 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Meta tags quick module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain input related to names of entity bundles is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. Successful exploitation of this vulnerability requires permission "administer content types", "administer vocabularies and terms", or another permission with access rights to modify names of entity bundles. The vulnerability is reported in versions 7.x-2.x prior to 7.x-2.3. SOLUTION: Upgrade to version 7.x-2.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michael Smith. ORIGINAL ADVISORY: SA-CONTRIB-2011-059: http://drupal.org/node/1370934 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 15:30:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 00:30:29 +0100 Subject: [SEC] [SA47226] Ubuntu update for bzip2 Message-ID: <201112152330.pBFNUTNE012066@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for bzip2 SECUNIA ADVISORY ID: SA47226 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47226/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47226 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47226/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47226/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47226 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for bzip2. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the bzexe script creating a temporary file in an insecure manner, which can be exploited by replacing the uncompressed binary with malicious code prior to it being executed. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1308-1: http://www.ubuntu.com/usn/usn-1308-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 15:48:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 00:48:54 +0100 Subject: [SEC] [SA47234] Red Hat update for pidgin Message-ID: <201112152348.pBFNmsl1002329@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for pidgin SECUNIA ADVISORY ID: SA47234 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47234/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47234 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47234/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47234/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47234 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for pidgin. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerabilities #2-#4 in: SA46298 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1820-01: https://rhn.redhat.com/errata/RHSA-2011-1820.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 16:13:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 01:13:58 +0100 Subject: [SEC] [SA47224] SUSE update for susestudio and kiwi4 Message-ID: <201112160013.pBG0DwEK025434@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for susestudio and kiwi4 SECUNIA ADVISORY ID: SA47224 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47224/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47224 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47224/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47224/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47224 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for susestudio and kiwi4. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct script insertion attacks and compromise a vulnerable system. For more information: SA45754 1) Certain unspecified input passed via the "overlay files" tab when cloning an appliance from an untrusted source is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. 2) Certain unspecified input related to overlay file paths is not properly sanitised before being used and can be exploited to inject arbitrary shell commands within a "chown" related command line. 3) Certain input via image names is not properly sanitised before being used and can be exploited to inject arbitrary shell commands. 4) Certain input via "kiwi_oemtitle" in .profile is not properly sanitised before being used and can be exploited to inject arbitrary shell commands using double quotes. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1324-1: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00015.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 16:48:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 01:48:18 +0100 Subject: [SEC] [SA47253] Ubuntu update for php5 Message-ID: <201112160048.pBG0mIu1016549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for php5 SECUNIA ADVISORY ID: SA47253 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47253/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47253 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47253/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47253/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47253 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for php5. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). For more information see vulnerability #2 in: SA46107 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1307-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001525.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 17:15:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 02:15:24 +0100 Subject: [SEC] [SA47270] IBM AIX X Server Two Vulnerabilities Message-ID: <201112160115.pBG1FOHp007309@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM AIX X Server Two Vulnerabilities SECUNIA ADVISORY ID: SA47270 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47270/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47270 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47270/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47270/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47270 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged two vulnerabilities in AIX, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA28532 The vulnerabilities are reported in versions 6.1 and 7.1. SOLUTION: Apply Interim Fixes or APARs when available. ORIGINAL ADVISORY: IBM (IV07021, IV07022, IV08676, IV08786): http://aix.software.ibm.com/aix/efixes/security/xorg_advisory.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 17:49:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 02:49:19 +0100 Subject: [SEC] [SA45665] RSA SecurID Software Token Insecure Library Loading Vulnerability Message-ID: <201112160149.pBG1nJim030808@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: RSA SecurID Software Token Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA45665 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45665/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45665 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/45665/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45665/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45665 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parvez Anwar has discovered a vulnerability in RSA SecurID Software Token, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading libraries (e.g. wintab32.dll) in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Software Token (".sdtid") file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerability is reported in versions prior to 4.1.1 (confirmed in 4.1.0.545). SOLUTION: Update to version 4.1.1. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia ORIGINAL ADVISORY: RSA: http://seclists.org/bugtraq/2011/Dec/att-88/ESA-2011-039.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 18:14:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 03:14:15 +0100 Subject: [SEC] [SA47219] Red Hat update for pidgin Message-ID: <201112160214.pBG2EFrw021470@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for pidgin SECUNIA ADVISORY ID: SA47219 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47219/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47219 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47219/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47219/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47219 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for pidgin. This fixes some weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerabilities #2 and #3 in: SA46298 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1821-01: https://rhn.redhat.com/errata/RHSA-2011-1821.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 18:48:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 03:48:14 +0100 Subject: [SEC] [SA47271] IBM Multiple Products Outside In Technology Multiple Vulnerabilities Message-ID: <201112160248.pBG2mEJh012581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM Multiple Products Outside In Technology Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47271 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47271/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47271 RELEASE DATE: 2011-12-15 DISCUSS ADVISORY: http://secunia.com/advisories/47271/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47271/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47271 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some vulnerabilities in multiple products, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44295 SA45297 Please see the vendor's advisory for the list of affected products. SOLUTION: Do not open files from untrusted sources. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21574454 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 19:18:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 04:18:59 +0100 Subject: [SEC] [SA47241] SUSE update for kernel Message-ID: <201112160318.pBG3IxpT003976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA47241 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47241/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47241 RELEASE DATE: 2011-12-14 DISCUSS ADVISORY: http://secunia.com/advisories/47241/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47241/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47241 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to cause a DoS (Denial of Service). For more information: SA45253 SA45420 SA45563 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1319-1: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00012.html SUSE-SU-2011:1319-2: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00013.html SUSE-SA:2011:046: http://lists.opensuse.org/opensuse-security-announce/2011-12/msg00011.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 19:47:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 04:47:48 +0100 Subject: [SEC] [SA47214] Red Hat update for netpbm Message-ID: <201112160347.pBG3lmTa027225@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for netpbm SECUNIA ADVISORY ID: SA47214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47214 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for netpbm. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA38530 SA47175 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1811-01: https://rhn.redhat.com/errata/RHSA-2011-1811.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 20:12:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 05:12:27 +0100 Subject: [SEC] [SA47215] Ubuntu update for commons-daemon Message-ID: <201112160412.pBG4CRf7017863@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for commons-daemon SECUNIA ADVISORY ID: SA47215 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47215/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47215 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47215/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47215/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47215 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for commons-daemon. This fixes a weakness, which can be exploited by malicious, local users to disclose sensitive information. For more information: SA45641 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1298-1: http://www.ubuntu.com/usn/usn-1298-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 20:47:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 05:47:05 +0100 Subject: [SEC] [SA47100] Barracuda Web Filter Multiple Script Insertion Vulnerabilities Message-ID: <201112160447.pBG4l5qL009000@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Barracuda Web Filter Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA47100 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47100/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47100 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47100/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47100/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47100 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Barracuda Web Filter, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed to the Schedule Report, Local user Search, Active Directory, NTLM User Search, and Backup Test components is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Update to version 5.0.014 when available (scheduled for January 2nd, 2012). PROVIDED AND/OR DISCOVERED BY: Benjamin Kunz Mejri (Rem0ve) and Pim J.F.P. Campers (X4lt). ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 21:12:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 06:12:24 +0100 Subject: [SEC] [SA46872] WinMount 87342000h IOCTL NULL Pointer Dereference Denial of Service Message-ID: <201112160512.pBG5COon032062@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WinMount 87342000h IOCTL NULL Pointer Dereference Denial of Service SECUNIA ADVISORY ID: SA46872 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46872/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46872 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/46872/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46872/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46872 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: ADLab has discovered a vulnerability in WinMount, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to a NULL pointer dereference error when processing the 0x87342000 IOCTL in WMDrive.sys. This can be exploited to cause a system crash via a specially crafted IOCTL sent to the "\\?\WMDriver" device filename. The vulnerability is confirmed in version 3.5.1018 (WMDrive.sys version 3.4.181.224). Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: ADLab, VenusTech via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 21:47:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 06:47:55 +0100 Subject: [SEC] [SA47173] IMPItool Insecure PID Files Security Issue Message-ID: <201112160547.pBG5ltx9023242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IMPItool Insecure PID Files Security Issue SECUNIA ADVISORY ID: SA47173 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47173/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47173 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47173/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47173/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47173 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in IMPItool, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The security issue is caused due to ipmievd creating PID files with insecure permissions, which can be exploited to e.g. terminate other processes by exchanging the process ID stored in the PID file. The security issue is confirmed in version 1.8.11. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported in a Red Hat bug report. ORIGINAL ADVISORY: Red Hat Bug #742837: https://bugzilla.redhat.com/show_bug.cgi?id=742837 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Dec 15 22:14:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 07:14:42 +0100 Subject: [SEC] [SA47113] APC PowerChute Business Edition Unspecified Cross-Site Scripting Vulnerability Message-ID: <201112160614.pBG6EgWS013994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: APC PowerChute Business Edition Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47113 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47113 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47113/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47113/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47113 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in APC PowerChute Business Edition, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 8.5. SOLUTION: Update to version 8.5. PROVIDED AND/OR DISCOVERED BY: JVN credits Jun Okada, GLOBAL TECHNOLOGY CORPORATION. ORIGINAL ADVISORY: JVN: https://jvn.jp/en/jp/JVN61695284/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 10:33:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 19:33:23 +0100 Subject: [SEC] [SA47102] Owl Intranet Engine Authentication Bypass Vulnerability Message-ID: <201112161833.pBGIXNTE008716@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Owl Intranet Engine Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA47102 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47102/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47102 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47102/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47102/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47102 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: RedTeam Pentesting has discovered a vulnerability in Owl Intranet Engine, which can be exploited by malicious people to bypass certain security restrictions. The lib/owl.lib.php script does not terminate execution for unauthenticated sessions for certain values of the "userid" parameter, which can be exploited to perform administrative actions via direct HTTP requests without being authenticated. Successful exploitation requires that the guest account is disabled, and that an administrator is included in the "Administrators" group or a user is set to "News Administrator". The vulnerability is confirmed in version 0.96. Other versions may also be affected. SOLUTION: Upgrade to version 1.01. PROVIDED AND/OR DISCOVERED BY: RedTeam Pentesting. ORIGINAL ADVISORY: http://www.redteam-pentesting.de/advisories/rt-sa-2011-005.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 11:36:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 20:36:45 +0100 Subject: [SEC] [SA47274] Nagios XI Mass Acknowledgement Component URL Cross-Site Scripting Vulnerability Message-ID: <201112161936.pBGJaj8C001264@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Nagios XI Mass Acknowledgement Component URL Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47274 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47274/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47274 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47274/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47274/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47274 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: 0a29406d9794e4f9b30b3c5d6702c708 has discovered a vulnerability in the Mass Acknowledgement Component for Nagios XI, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after includes/components/massacknowledge/mass_ack.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 0a29406d9794e4f9b30b3c5d6702c708 ORIGINAL ADVISORY: http://0a29.blogspot.com/2011/12/0a29-11-3-cross-site-scripting.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 12:35:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 21:35:43 +0100 Subject: [SEC] [SA47087] Nagios XI Cross-Site Scripting and Privilege Escalation Vulnerabilities Message-ID: <201112162035.pBGKZhRi026104@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Nagios XI Cross-Site Scripting and Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA47087 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47087/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47087 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47087/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47087/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47087 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: 0a29406d9794e4f9b30b3c5d6702c708 has reported a security issue and multiple vulnerabilities in Nagios XI, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to conduct cross-site scripting attacks. 1) Input appended to the URL after e.g. login.php, index.php, about/index.php, etc. is not properly sanitised in html/includes/pageparts.inc.php and in the "get_permalink_base()" function in html/includes/utils.inc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "xiwindow" parameter to account/ is not properly sanitised in the "get_window_frame_url()" function in html/includes/pageparts.inc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input appended to the URL after includes/components/xicore/recurringdowntime.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "height", "service", and "width" parameters to reports/alertheatmap.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Input passed via the "service" parameter to reports/histogram.php, reports/statehistory.php, or reports/notifications.php is not properly sanitised in the "get_service_status_detail_link()" function in includes/utils-links.inc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 6) Input passed via the "host" and "service" parameters to reports/notifications.php is not properly sanitised in the "get_host_status_detail_link()" in includes/utils-links.inc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 7) The security issue is caused due to certain scripts using temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The vulnerabilities are reported in version 2011R1.8. Prior versions may also be affected. SOLUTION: Update to version 2011R1.9. PROVIDED AND/OR DISCOVERED BY: 0a29406d9794e4f9b30b3c5d6702c708 ORIGINAL ADVISORY: 0a29406d9794e4f9b30b3c5d6702c708: http://0a29.blogspot.com/2011/12/0a29-11-3-cross-site-scripting.html http://0a29.blogspot.com/2011/12/0a29-11-4-privilege-escalation.html Nagios: http://assets.nagios.com/downloads/nagiosxi/CHANGES-2011.TXT OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 13:33:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 22:33:32 +0100 Subject: [SEC] [SA47216] Zabbix Two Script Insertion Vulnerabilities Message-ID: <201112162133.pBGLXW2S018453@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Zabbix Two Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA47216 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47216/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47216 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47216/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47216/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47216 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Zabbix, which can be exploited by malicious users to conduct script insertion attacks. 1) Input passed to "host groups" names is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. Successful exploitation of this vulnerability requires access rights to modify "host group" names. 2) Certain unspecified input to the profiler is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. The vulnerabilities are reported in version 1.8.5. Other versions may also be affected. SOLUTION: Fixed in version 1.8.10rc. PROVIDED AND/OR DISCOVERED BY: 1) Martina Matari within a Zabbix bug report. 2) Reported by the vendor. ORIGINAL ADVISORY: Zabbix: http://www.zabbix.com/rn1.8.10rc1.php https://support.zabbix.com/browse/ZBX-4015 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 14:30:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 23:30:53 +0100 Subject: [SEC] [SA47264] SUSE update for namazu Message-ID: <201112162230.pBGMUrat010755@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for namazu SECUNIA ADVISORY ID: SA47264 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47264/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47264 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47264/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47264/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47264 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for namazu. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. For more information: SA46925 1) The vulnerability is caused due to an error within the "replace_field()" function (result.c) when parsing the "uri" field, which can be exploited to cause a stack-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. ORIGINAL ADVISORY: SUSE-SU-2011:1326-1: https://hermes.opensuse.org/messages/12940021 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 14:52:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Dec 2011 23:52:20 +0100 Subject: [SEC] [SA47269] SUSE update for namazu Message-ID: <201112162252.pBGMqK3m001161@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for namazu SECUNIA ADVISORY ID: SA47269 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47269/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47269 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47269/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47269/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47269 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for namazu. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA46925 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1327-1: http://lists.opensuse.org/opensuse-updates/2011-12/msg00008.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 15:16:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 00:16:18 +0100 Subject: [SEC] [SA47201] TYPO3 "BACK_PATH" File Inclusion Vulnerability Message-ID: <201112162316.pBGNGI01024233@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: TYPO3 "BACK_PATH" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA47201 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47201/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47201 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47201/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47201/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47201 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TYPO3, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "BACK_PATH" parameter in typo3/sysext/workspaces/Classes/Controller/AbstractController.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from remote resources. Successful exploitation requires that "register_globals" is enabled. The vulnerability is confirmed in version 4.6.1. Prior versions may also be affected. SOLUTION: Update to version 4.6.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Bj?rn Pedersen and Christian Toffolo. ORIGINAL ADVISORY: TYPO3-CORE-SA-2011-004: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 15:49:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 00:49:05 +0100 Subject: [SEC] [SA47268] Novell Access Manager SSL/TLS Initialization Vector Selection Weakness Message-ID: <201112162349.pBGNn5bt015288@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Novell Access Manager SSL/TLS Initialization Vector Selection Weakness SECUNIA ADVISORY ID: SA47268 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47268/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47268 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47268/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47268/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47268 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Novell Access Manager, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session. A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. For more information: SA46168 The weakness is reported in version 3.1. SOLUTION: Edit configuration to enable RC4 encryption or ensure that clients use an updated browser (please see the vendor's advisory for more information). ORIGINAL ADVISORY: http://www.novell.com/support/viewContent.do?externalId=7009901 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 16:14:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 01:14:31 +0100 Subject: [SEC] [SA47197] RHQ Cross-Site Scripting Vulnerabilities Message-ID: <201112170014.pBH0EViu005976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: RHQ Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47197 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47197/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47197 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47197/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47197/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47197 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in RHQ, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 4.2.0. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Red Hat ORIGINAL ADVISORY: Red Hat Bug #734662: https://bugzilla.redhat.com/show_bug.cgi?id=734662 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 16:49:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 01:49:34 +0100 Subject: [SEC] [SA47280] JBoss Operations Network Cross-Site Scripting Vulnerabilities Message-ID: <201112170049.pBH0nYA2029534@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: JBoss Operations Network Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47280 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47280/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47280 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47280/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47280/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47280 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in JBoss Operations Network, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input is not properly sanitised before being returned to the user. For more information: SA47197 The vulnerabilities are reported in version 2.4.1. SOLUTION: Upgrade to version 3.0. Also fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Red Hat bug #734662: https://bugzilla.redhat.com/show_bug.cgi?id=734662 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 17:16:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 02:16:46 +0100 Subject: [SEC] [SA47020] WordPress Sentinel Plugin Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities Message-ID: <201112170116.pBH1GkOb020309@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress Sentinel Plugin Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA47020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47020 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: BoiteAWeb has reported multiple vulnerabilities in the Sentinel plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Certain input related to the dashboard is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. trigger snapshots when a logged-in administrator visits a specially crafted web page. The vulnerabilities are reported in version 1.0.0. SOLUTION: Update to version 1.0.1. PROVIDED AND/OR DISCOVERED BY: Julio, BoiteAWeb ORIGINAL ADVISORY: BoiteAWeb (French): http://www.boiteaweb.fr/wordpress-sentinel-v1-0-0-3104.html WordPRess Sentinel Plugin: http://wordpress.org/extend/plugins/wordpress-sentinel/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 17:48:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 02:48:25 +0100 Subject: [SEC] [SA47275] Ubuntu update for isc-dhcp Message-ID: <201112170148.pBH1mPlS011307@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for isc-dhcp SECUNIA ADVISORY ID: SA47275 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47275/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47275 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47275/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47275/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47275 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for isc-dhcp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA47153 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1309-1: http://www.ubuntu.com/usn/usn-1309-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 18:14:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 03:14:02 +0100 Subject: [SEC] [SA47266] Nagios XI Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201112170214.pBH2E2C1001923@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Nagios XI Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA47266 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47266/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47266 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47266/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47266/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47266 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: 0a29406d9794e4f9b30b3c5d6702c708 has discovered multiple vulnerabilities in Nagios XI, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "hostgroup" parameter to includes/components/xicore/status.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "host" parameter to reports/alertheatmap.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "host" parameter to reports/histogram.php, reports/statehistory.php or reports/notifications.php is not properly sanitised in the "get_service_status_detail_link()" function in includes/utils-links.inc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2011r1.9. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 0a29406d9794e4f9b30b3c5d6702c708 ORIGINAL ADVISORY: http://0a29.blogspot.com/2011/12/0a29-11-3-cross-site-scripting.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 18:48:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 03:48:20 +0100 Subject: [SEC] [SA47236] NetBSD OpenPAM Privilege Escalation Security Issue Message-ID: <201112170248.pBH2mKvY025509@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: NetBSD OpenPAM Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA47236 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47236/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47236 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47236/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47236/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47236 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA46756 SOLUTION: Apply patches. Please see the vendor's advisory for more information. ORIGINAL ADVISORY: NetBSD-SA2011-008: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-008.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 19:18:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 04:18:45 +0100 Subject: [SEC] [SA47279] NetBSD update for BIND Message-ID: <201112170318.pBH3Ij0r016913@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: NetBSD update for BIND SECUNIA ADVISORY ID: SA47279 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47279/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47279 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47279/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47279/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47279 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NetBSD has issued an update for BIND. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Fixed in the CVS repository. See vendor advisory for details. ORIGINAL ADVISORY: NetBSD-SA2011-009: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-009.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 19:47:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 04:47:10 +0100 Subject: [SEC] [SA47257] Oracle Sun System Firmware Network Time Protocol Multiple Vulnerabilities Message-ID: <201112170347.pBH3lA3N007749@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Sun System Firmware Network Time Protocol Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47257 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47257/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47257 RELEASE DATE: 2011-12-16 DISCUSS ADVISORY: http://secunia.com/advisories/47257/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47257/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47257 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Sun System Firmware, which can be exploited by malicious people to conduct spoofing attacks, cause a DoS (Denial of Service), and potentially compromise a user's system. For more information: SA33406 SA34608 SA37629 The vulnerabilities are reported in Netra SPARC T3-1, Netra SPARC T3-1B, SPARC T3-1, SPARC T3-1B, SPARC T3-2, and SPARC T3-4. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Dec 16 20:12:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 17 Dec 2011 05:12:19 +0100 Subject: [SEC] [SA47199] Linux Kernel B.A.T.M.A.N. "bat_socket_read()" Buffer Overflow Vulnerability Message-ID: <201112170412.pBH4CJL8030804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Linux Kernel B.A.T.M.A.N. "bat_socket_read()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47199 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47199/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47199 RELEASE DATE: 2011-12-13 DISCUSS ADVISORY: http://secunia.com/advisories/47199/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47199/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47199 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "bat_socket_read()" function (net/batman/icmp_socket.c), which can be exploited to cause a userspace buffer overflow by sending specially crafted packets to a vulnerable system. The vulnerability is reported in version 2.6.39.4. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Paul Kot ORIGINAL ADVISORY: https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2011-December/005904.html http://git.open-mesh.org/?p=batman-adv.git;a=commitdiff;h=201371597326fcd8118be4000954ff9ba8fd0ccd http://git.open-mesh.org/?p=batman-adv.git;a=commitdiff;h=d22e13c6c380261cf0b13d34e6412a1e393b5197 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 10:34:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 19 Dec 2011 19:34:09 +0100 Subject: [SEC] [SA47220] Unbound Two Denial of Service Vulnerabilities Message-ID: <201112191834.pBJIY901016495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Unbound Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA47220 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47220/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47220 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47220/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47220/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47220 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Unbound, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A memory allocation error when processing certain RRs (Resource Records) can be exploited to cause a crash by sending signed duplicate redirecting RRs. 2) An error when processing certain responses for NSEC3-signed zones can be exploited to e.g. cause an assertion error or crash by sending specially crafted responses. The vulnerabilities are reported in versions prior to 1.4.14. SOLUTION: Update to version 1.4.13p2 and 1.4.14 or apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 11:34:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 19 Dec 2011 20:34:19 +0100 Subject: [SEC] [SA47237] Microsoft Windows win32k.sys Memory Corruption Vulnerability Message-ID: <201112191934.pBJJYJuL008957@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA47237 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47237/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47237 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47237/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47237/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47237 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large "height" attribute viewed using the Apple Safari browser. Successful exploitation may allow execution of arbitrary code with kernel-mode privileges. The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit. Other versions may also be affected. SOLUTION: No effective solution is currently available. PROVIDED AND/OR DISCOVERED BY: webDEViL ORIGINAL ADVISORY: https://twitter.com/#!/w3bd3vil/status/148454992989261824 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 12:32:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 19 Dec 2011 21:32:09 +0100 Subject: [SEC] [SA46163] Wuzly Multiple Vulnerabilities Message-ID: <201112192032.pBJKW9kK001209@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Wuzly Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46163 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46163/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46163 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/46163/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46163/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46163 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in Wuzly, which can be exploited by malicious people to conduct cross-site scripting attacks, cross-site request forgery attacks, script insertion attacks, SQL injection attacks, disclose sensitive information, and bypass certain security restrictions. 1) Input passed via the "Referer" header to admin/login.php and admin/404.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via various parameters to multiple scripts is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Examples: http://[host]/search.php?q=[code] http://[host]/admin/theme_settings.php?theme_name=[code] http://[host]/admin/extension_settings.php?extension_name=[code] http://[host]/admin/search.php?q=[code] http://[host]/admin/comments.php?type=[code] http://[host]/admin/pages.php?sort=[code] http://[host]/admin/posts.php?sort=[code] http://[host]/admin/media.php?type=[code] http://[host]/admin/media.php?q=[code] http://[host]/mobile/add_widget.php?sidebar=[code] http://[host]/mobile/widgets.php?sidebar=[code] http://[host]/mobile/category_delete.php?id=[code] http://[host]/mobile/comment.php?id=[code] http://[host]/mobile/page_delete.php?id=[code] http://[host]/mobile/post_delete.php?id=[code] http://[host]/mobile/media.php?type=[code] http://[host]/mobile/widget_delete.php?id=[code] http://[host]/mobile/widget_delete.php?sidebar=[code] http://[host]/index.php?name=[code] http://[host]/index.php?email=[code] http://[host]/index.php?website=[code] http://[host]/index.php?comment=[code] 3) The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrator and conduct script insertion and SQL injection attacks by tricking a logged in administrator into visiting a malicious web site. 4) Input passed via the "username" parameter to admin/login.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 5) Input passed to the "preview" parameter to index.php is not properly verified in blog_system/data_functions.php before being used to include files. This can be exploited to include arbitrary files from local resources via Base64-encoded directory traversal attacks and NULL bytes. 6) Input passed via the "u" parameter to admin/fp.php, the "epage" parameter to admin/newpage.php, and the "epost" parameter to admin/newpost.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 7) Input passed via the "username" POST parameter to admin/login.php or mobile/login.php (when "submitted" is set to "1") is not properly sanitised in blog_system/admin_functions.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. NOTE: This vulnerability can further be exploited to bypass the authentication mechanism. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 8) An error within the authentication mechanism can be exploited to gain access to the administration section by setting the "dXNlcm5hbWU" cookie to an arbitrary value. The vulnerabilities are confirmed in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. Do not browse untrusted websites or follow untrusted links while logged in to the application. Restrict access to the "admin" directory (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Morten Bartvig, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-84/ http://secunia.com/secunia_research/2011-85/ http://secunia.com/secunia_research/2011-86/ http://secunia.com/secunia_research/2011-87/ http://secunia.com/secunia_research/2011-88/ http://secunia.com/secunia_research/2011-89/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 13:32:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 19 Dec 2011 22:32:51 +0100 Subject: [SEC] [SA47262] mPDF "filename" Local File Inclusion Vulnerability Message-ID: <201112192132.pBJLWp7B026159@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: mPDF "filename" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA47262 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47262/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47262 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47262/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47262/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47262 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in mPDF, which can be exploited by malicious people to disclose sensitive information. Input passed to the "filename" parameter in examples/show_code.php is not properly verified before being used to return file contents within a PDF document. This can be exploited to disclose arbitrary files from local resources via directory traversal attacks. The vulnerability is confirmed in version 5.3. Other versions may also be affected. SOLUTION: Remove the "examples" directory. PROVIDED AND/OR DISCOVERED BY: ZadYree ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18248/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 14:31:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 19 Dec 2011 23:31:15 +0100 Subject: [SEC] [SA47184] HTML::Template::Pro Template Parameters Cross-Site Scripting Vulnerability Message-ID: <201112192231.pBJMVFUf018539@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HTML::Template::Pro Template Parameters Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47184 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47184/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47184 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47184/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47184/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47184 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HTML::Template::Pro, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via template parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 0.9507. SOLUTION: Update to version 0.9507. PROVIDED AND/OR DISCOVERED BY: The vendor credits Shigeki Morimoto. ORIGINAL ADVISORY: http://cpansearch.perl.org/src/VIY/HTML-Template-Pro-0.9507/Changes http://metacpan.org/diff/release/VIY/HTML-Template-Pro-0.9505/VIY/HTML-Template-Pro-0.9507 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 14:49:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 19 Dec 2011 23:49:53 +0100 Subject: [SEC] [SA47288] WebSVN "path" Cross-Site Scripting Vulnerability Message-ID: <201112192249.pBJMnrTE008876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WebSVN "path" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47288 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47288/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47288 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47288/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47288/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47288 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sony has discovered a vulnerability in WebSVN, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "path" parameter to e.g. comp.php or revision.php is not properly sanitised in the "getLog()" function in svnlook.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.3.0. Prior versions may also be affected. SOLUTION: Update to version 2.3.1 or later. PROVIDED AND/OR DISCOVERED BY: Sony ORIGINAL ADVISORY: Sony: http://st2tea.blogspot.com/2011/12/websvn-cross-site-scripting.html WebSVN: http://websvn.tigris.org/issues/show_bug.cgi?id=275 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 15:20:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 00:20:54 +0100 Subject: [SEC] [SA47307] OpenVZ update for kernel Message-ID: <201112192320.pBJNKsGX032235@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA47307 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47307/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47307 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47307/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47307/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47307 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA46972 SOLUTION: Update kernel branch RHEL6 to version 042stab044.11. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/rhel6/042stab044.11 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 15:48:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 00:48:01 +0100 Subject: [SEC] [SA47261] DotA OpenStats "id" SQL Injection Vulnerability Message-ID: <201112192348.pBJNm12I023008@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: DotA OpenStats "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47261 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47261/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47261 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47261/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47261/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47261 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in DotA OpenStats, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.3.9. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: HvM17 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18250/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 16:14:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 01:14:45 +0100 Subject: [SEC] [SA47290] Flirt-Projekt "rub" SQL Injection Vulnerability Message-ID: <201112200014.pBK0Ejjf013769@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Flirt-Projekt "rub" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47290 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47290/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47290 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47290/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47290/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47290 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Flirt-Projekt, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "rub" parameter to rub2_w.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 4.8. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Lazmania61 ORIGINAL ADVISORY: http://packetstormsecurity.org/files/107971/flirtportal-sql.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 16:49:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 01:49:15 +0100 Subject: [SEC] [SA47287] Video Community Portal "id" SQL Injection Vulnerability Message-ID: <201112200049.pBK0nFBk004899@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Video Community Portal "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47287 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47287/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47287 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47287/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47287/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47287 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Video Community Portal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to index.php (when "d" is set to "user") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Lazmania61 ORIGINAL ADVISORY: http://packetstormsecurity.org/files/107970/videoportalneu-sql.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 17:20:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 02:20:45 +0100 Subject: [SEC] [SA47313] Attachmate Reflection for the Web Java Multiple Vulnerabilities Message-ID: <201112200120.pBK1KjrU028299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Attachmate Reflection for the Web Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47313 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47313/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47313 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47313/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47313/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47313 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Attachmate has acknowledged multiple vulnerabilities in Attachmate Reflection for the Web, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA46512 The vulnerabilities are reported in versions prior to Reflection for the Web 2011 R1 Build 527. SOLUTION: Update to Reflection for the Web 2011 R1 Build 527. ORIGINAL ADVISORY: http://support.attachmate.com/techdocs/1704.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 17:49:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 02:49:39 +0100 Subject: [SEC] [SA47276] Tor "buf_pullup()" Buffer Overflow Vulnerability Message-ID: <201112200149.pBK1ndq9019149@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Tor "buf_pullup()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47276 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47276/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47276 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47276/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47276/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47276 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Tor, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the "buf_pullup()" function (or/buffers.c) when repacking data and can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code but requires that the Tor session uses a SOCKS proxy (not default setting). The vulnerability is reported in versions prior to 0.2.2.35. SOLUTION: Update to version 0.2.2.35. PROVIDED AND/OR DISCOVERED BY: The vendor credits Vektor. ORIGINAL ADVISORY: https://lists.torproject.org/pipermail/tor-announce/2011-December/000083.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 18:13:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 03:13:01 +0100 Subject: [SEC] [SA47258] Novell Sentinel Log Manager "filename" Arbitrary File Download Vulnerability Message-ID: <201112200213.pBK2D1J9009740@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Novell Sentinel Log Manager "filename" Arbitrary File Download Vulnerability SECUNIA ADVISORY ID: SA47258 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47258/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47258 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47258/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47258/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47258 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Andrea Fabrizi has discovered a vulnerability in Novell Sentinel Log Manager, which can be exploited by malicious users to disclose sensitive information. Input passed via the "filename" parameter to novelllogmanager/FileDownload is not properly sanitised before being used. This can be exploited to download arbitrary files from local resources via directory traversal sequences. The vulnerability is confirmed in version 1.2.0.1_938. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Andrea Fabrizi ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0368.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 18:47:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 03:47:58 +0100 Subject: [SEC] [SA47230] Debian update for dtc Message-ID: <201112200247.pBK2lwKS000819@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for dtc SECUNIA ADVISORY ID: SA47230 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47230/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47230 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47230/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47230/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47230 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for dtc. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information and gain escalated privileges, and by malicious users to conduct script insertion attacks, conduct SQL injection attacks, and compromise a vulnerable system. For more information: SA45566 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2365-1: http://lists.debian.org/debian-security-announce/2011/msg00243.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 19:18:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 04:18:13 +0100 Subject: [SEC] [SA47259] Debian update for tor Message-ID: <201112200318.pBK3IDl3024691@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for tor SECUNIA ADVISORY ID: SA47259 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47259/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47259 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47259/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47259/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47259 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for tor. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. For more information: SA47276 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2363-1: http://lists.debian.org/debian-security-announce/2011/msg00241.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 19:46:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 04:46:59 +0100 Subject: [SEC] [SA47272] mnoGoSearch Hostnames SQL Injection Vulnerability Message-ID: <201112200346.pBK3kxUY015534@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: mnoGoSearch Hostnames SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47272 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47272/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47272 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47272/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47272/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47272 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in mnoGoSearch, which can be exploited by malicious people to conduct SQL injection attacks. Certain input passed via hostnames in hypertext links is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that the database allows multiple statements in a single query (e.g. MySQL if the "ClientMultiStatement" option is set to "yes" or PostgreSQL). The vulnerability is reported in versions prior to 3.3.12. SOLUTION: Update to version 3.3.12. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.mnogosearch.org/doc33/msearch-changelog.html#changelog-3-3-12 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 20:11:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 05:11:58 +0100 Subject: [SEC] [SA47321] SUSE update for system-config-printer Message-ID: <201112200411.pBK4Bwas006200@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for system-config-printer SECUNIA ADVISORY ID: SA47321 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47321/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47321 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47321/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47321/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47321 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for system-config-printer. This fixes two vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks and compromise a user's system. For more information: SA45744 SA46909 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1331-1: http://lists.opensuse.org/opensuse-updates/2011-12/msg00010.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Dec 19 20:47:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 05:47:31 +0100 Subject: [SEC] [SA47289] Social Network Community "userId" SQL Injection Vulnerability Message-ID: <201112200447.pBK4lVkG029790@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Social Network Community "userId" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA47289 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47289/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47289 RELEASE DATE: 2011-12-19 DISCUSS ADVISORY: http://secunia.com/advisories/47289/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47289/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47289 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Social Network Community, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "userId" parameter to user.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Lazmania61 ORIGINAL ADVISORY: http://packetstormsecurity.org/files/107972/social2-sql.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 10:33:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 19:33:50 +0100 Subject: [SEC] [SA47316] Ubuntu update for linux Message-ID: <201112201833.pBKIXos4028993@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA47316 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47316/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47316 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47316/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47316/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47316 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA43576 SA45420 SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1311-1: http://www.ubuntu.com/usn/usn-1311-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 11:33:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 20:33:51 +0100 Subject: [SEC] [SA47319] Apple Safari Cache Objects History Enumeration Weakness Message-ID: <201112201933.pBKJXp6B021449@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apple Safari Cache Objects History Enumeration Weakness SECUNIA ADVISORY ID: SA47319 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47319/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47319 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47319/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47319/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47319 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Apple Safari, which can be exploited by malicious people to disclose sensitive information. The weakness is caused due to an error when handling cache objects and can be exploited to enumerate visited sites. The weakness is confirmed in version 5.1.2. Other versions may also be affected. SOLUTION: There's currently no known effective workaround. PROVIDED AND/OR DISCOVERED BY: Originally discussed by Edward W. Felten and Michael A. Schneider, Princeton University. Additional information and proof provided by Michal Zalewski and mansour. ORIGINAL ADVISORY: Edward W. Felten and Michael A. Schneider: http://sip.cs.princeton.edu/pub/webtiming.pdf Michal Zalewski: http://lcamtuf.coredump.cx/cachetime/ mansour: http://oxplot.github.com/visipisi/visipisi.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 12:33:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 21:33:12 +0100 Subject: [SEC] [SA47300] Debian update for mediawiki Message-ID: <201112202033.pBKKXCJH013852@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for mediawiki SECUNIA ADVISORY ID: SA47300 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47300/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47300 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47300/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47300/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47300 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mediawiki. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and bypass certain security restrictions. For more information: SA44142 SA47029 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2366-1: http://www.debian.org/security/2011/dsa-2366 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 13:32:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 22:32:32 +0100 Subject: [SEC] [SA47322] IrfanView FlashPix PlugIn Double-Free Vulnerability Message-ID: <201112202132.pBKLWWiu006258@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IrfanView FlashPix PlugIn Double-Free Vulnerability SECUNIA ADVISORY ID: SA47322 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47322/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47322 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47322/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47322/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47322 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Francis Provencher has discovered a vulnerability in the FlashPix PlugIn for IrfanView, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the use of a vulnerable version of the libfpx library. For more information: SA47246 The vulnerability is confirmed in version 4.2.2.0. Prior versions may also be affected. SOLUTION: Update to version 4.3.20 (part of the IrfanView 4.32 plugins bundle). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 14:26:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 23:26:59 +0100 Subject: [SEC] [SA47065] IrfanView TIFF Image Processing Buffer Overflow Vulnerability Message-ID: <201112202226.pBKMQxei030815@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IrfanView TIFF Image Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47065 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47065/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47065 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47065/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47065/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47065 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Francis Provencher has discovered a vulnerability in IrfanView, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing TIFF images with certain "Rows Per Strip" and "Samples Per Pixel" values, which can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted TIFF image file. The vulnerability is confirmed in version 4.30. Prior versions may also be affected. SOLUTION: Update to version 4.32. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's via Secunia. ORIGINAL ADVISORY: IrfanView: http://www.irfanview.com/main_history.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 14:47:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 20 Dec 2011 23:47:07 +0100 Subject: [SEC] [SA47317] Ubuntu update for linux Message-ID: <201112202247.pBKMl7iA021225@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA47317 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47317/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47317 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47317/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47317/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47317 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. For more information: SA46584 SA46591 SA46802 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1312-1: http://www.ubuntu.com/usn/usn-1312-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 15:12:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 00:12:42 +0100 Subject: [SEC] [SA47294] PHPShop CMS Free Multiple Vulnerabilities Message-ID: <201112202312.pBKNCgPL011926@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PHPShop CMS Free Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47294 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47294/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47294 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47294/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47294/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47294 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in PHPShop CMS Free, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the URL to multiple scripts is not properly sanitised in the "Compile()" function in phpshop/class/admgui.class.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Examples: http://[host]/phpshop/admpanel/gbook/adm_gbook_new.php/[script] http://[host]/phpshop/admpanel/banner/adm_baner_new.php/[script] http://[host]/phpshop/admpanel/links/adm_links_new.php/[script] http://[host]/phpshop/admpanel/menu/adm_menu_new.php/[script] 2) Input passed via various parameters to multiple scripts is not properly sanitised in the "setInput()" function in class/admgui.class.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Examples: http://[host]/phpshop/admpanel/catalog/admin_cat_content.php?pid=[script] http://[host]/phpshop/admpanel/catalog/adm_catalog_new.php?id=[script] http://[host]/phpshop/admpanel/page/adm_pages_new.php?catalogID=[script] http://[host]/phpshop/admpanel/photo/admin_photo_content.php?pid=[script] 3) Input passed via the "id" parameter to phpshop/admpanel/catalog/adm_catalog_new.php is not properly sanitised in the "select()" function in phpshop/class/orm.class.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires the "Base Operator" privilege. 4) Input passed via the "catalogID" parameter to phpshop/admpanel/page/adm_pages_new.php and via the "pid" parameter to phpshop/admpanel/catalog/admin_cat_content.php and phpshop/admpanel/photo/admin_photo_content.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires the "Base Operator" privilege. The vulnerabilities are confirmed in version 3.4.2.7. Other versions may also be affected. SOLUTION: Reportedly fixed in version 3.4.3.1. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB23058: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_phpshop_cms_free.html PHPShop CMS Free: http://www.phpshopcms.ru/release.html http://forum.phpshopcms.ru/index.php?showtopic=1508 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 15:47:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 00:47:09 +0100 Subject: [SEC] [SA47246] libfpx "Free_All_Memory()" Double-Free Vulnerability Message-ID: <201112202347.pBKNl9LV003018@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: libfpx "Free_All_Memory()" Double-Free Vulnerability SECUNIA ADVISORY ID: SA47246 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47246 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47246/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47246/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47246 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Francis Provencher has discovered a vulnerability in libfpx, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to the "Free_All_Memory()" function (jpeg/dectile.c) not properly setting certain decoder elements to NULL after freeing them, which can be exploited to cause a double-free condition via specially crafted FPX images. The vulnerability is confirmed in version 1.3.1. Prior versions may also be affected. SOLUTION: Update to version 1.3.1-1. PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 16:12:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 01:12:31 +0100 Subject: [SEC] [SA47265] Avaya CMS Solaris TCP/IP Implementation Denial of Service Vulnerability Message-ID: <201112210012.pBL0CVIv026129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Avaya CMS Solaris TCP/IP Implementation Denial of Service Vulnerability SECUNIA ADVISORY ID: SA47265 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47265/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47265 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47265/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47265/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47265 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information see vulnerability #4 in: SA45313 The vulnerability is reported in versions R15, R16, R16.1, and R16.2. SOLUTION: Update to version R16.3. ORIGINAL ADVISORY: Avaya (ASA-2011-216): https://support.avaya.com/css/P8/documents/100146780 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 16:46:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 01:46:42 +0100 Subject: [SEC] [SA47301] Ubuntu update for linux-lts-backport-oneiric Message-ID: <201112210046.pBL0kgj3017257@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-oneiric SECUNIA ADVISORY ID: SA47301 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47301/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47301 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47301/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47301/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47301 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-oneiric. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA46584 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1313-1: http://www.ubuntu.com/usn/usn-1313-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 17:14:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 02:14:33 +0100 Subject: [SEC] [SA47278] Tiki Wiki CMS Unspecified Cross-Site Scripting Vulnerability Message-ID: <201112210114.pBL1EXKj008081@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Tiki Wiki CMS Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47278 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47278/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47278 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47278/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47278/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47278 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Tiki Wiki CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.5 and prior to 8.2. SOLUTION: Update to version 6.5 or 8.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mario Gomes and Marc Laporte. ORIGINAL ADVISORY: Tiki Wiki: http://info.tiki.org/article183-Tiki-Wiki-CMS-Groupware-8-2-and-6-5LTS-Security-Patches-Available OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 17:47:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 02:47:02 +0100 Subject: [SEC] [SA47168] Koha "Referer" HTTP Header and "KohaOpacLanguage" Local File Inclusion Vulnerabilities Message-ID: <201112210147.pBL1l2DU031503@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koha "Referer" HTTP Header and "KohaOpacLanguage" Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA47168 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47168/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47168 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47168/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47168/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47168 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Koha, which can be exploited by malicious people to disclose sensitive information. 1) Input passed to the "KohaOpacLanguage" cookie value in cgi-bin/koha/opac-main.pl is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. 2) Input passed via the "Referer" HTTP header to help.pl is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerabilities are reported in 3.4.x versions prior to 3.4.7 and 3.6.x versions prior to 3.6.1. SOLUTION: Update to version 3.4.7 or 3.6.1. PROVIDED AND/OR DISCOVERED BY: Reported within Koha bug reports by Fr?re S?bastien Marie. ORIGINAL ADVISORY: Koha: http://koha-community.org/koha-3-4-7/ http://koha-community.org/koha-3-6-1/ http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6628 http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6629 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 18:13:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 03:13:25 +0100 Subject: [SEC] [SA47248] Contentpapst Multiple Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201112210213.pBL2DPcU022226@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Contentpapst Multiple Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA47248 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47248/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47248 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47248/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47248/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47248 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Contentpapst, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "form[search]" parameter in admin.php (when "file" is set to "news") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "form[title]", "form[description]", and "form[permalink]" parameters to admin.php when creating a category is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via the "form[name]", "form[meta_description]", and "form[permalink]" parameters to admin.php when creating an article is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 4) Input passed via the "form[newstitle]", "form[permalink]", "form[link1]", "form[link2]", and "form[link3]" parameters to admin.php when creating a news post is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of vulnerabilities #2-#4 requires "Redakteur" privileges. 5) Input passed via the "form[title]", "form[desc]", and "form[url]" parameters to admin.php when creating a link is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of vulnerability #5 requires "Chefredakteur" privileges. The vulnerabilities are reported in version 2011.2. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Benjamin Kunz Mejri (Rem0ve) and Pim J.F.P. Campers via Vulnerability Research Laboratory. ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=363 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 18:48:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 03:48:08 +0100 Subject: [SEC] [SA47273] Debian update for asterisk Message-ID: <201112210248.pBL2m8VZ013400@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for asterisk SECUNIA ADVISORY ID: SA47273 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47273/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47273 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47273/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47273/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47273 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for asterisk. This fixes a weakness and a vulnerability, which can be exploited by malicious people to disclose certain system information and cause a DoS (Denial of Service). For more information: SA47059 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2367-1: http://www.debian.org/security/2011/dsa-2367 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 19:21:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 04:21:40 +0100 Subject: [SEC] [SA47205] SecSigner "seccommerce.resource" Property Handling Vulnerability Message-ID: <201112210321.pBL3LeUu006097@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SecSigner "seccommerce.resource" Property Handling Vulnerability SECUNIA ADVISORY ID: SA47205 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47205/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47205 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47205/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47205/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47205 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SEC Consult has reported a vulnerability in SecSigner, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the applet insecurely handling the "seccommerce.resource" property defined in secsigner.properties (when the "seccommerce.resource.localcopy" property is set to "on"), which leads to insufficient authenticity validation of downloaded resource files. This can be exploited to download and execute arbitrary files by tricking a user into visiting a malicious web site. The vulnerability is reported in versions 3.5.0 prior to 2011-11-12. SOLUTION: The vendor has released an updated version 3.5.0 on 2011-11-14. Additionally enable the certificate revocation check via e.g. OCSP or Java preferences. PROVIDED AND/OR DISCOVERED BY: E. Demeter and J. Greil, SEC Consult Vulnerability Lab ORIGINAL ADVISORY: SEC Consult: http://www.sec-consult.com/files/20111219-0_Seccommerce_SecSigner_remote_file_upload.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 19:47:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 04:47:06 +0100 Subject: [SEC] [SA47291] Ubuntu update for python Message-ID: <201112210347.pBL3l6BX029168@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for python SECUNIA ADVISORY ID: SA47291 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47291/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47291 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47291/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47291/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47291 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for python. This fixes a security issue and a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). For more information: SA41968 SA43831 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1314-1: http://www.ubuntu.com/usn/usn-1314-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 20:12:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 05:12:15 +0100 Subject: [SEC] [SA47263] Enterasys Network Management Suite Syslog Buffer Overflow Vulnerability Message-ID: <201112210412.pBL4CF6p019836@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Enterasys Network Management Suite Syslog Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47263 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47263/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47263 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47263/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47263/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47263 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Enterasys Network Management Suite, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the Syslog service (nssyslogd.exe) when processing the PRIO field. This can be exploited to cause a stack-based buffer overflow via an overly long message sent to UDP port 514. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 4.1.0.80. SOLUTION: Update to version 4.1.0.80. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Jeremy Brown and Andrea Micalizzi aka rgod via ZDI. ORIGINAL ADVISORY: Enterasys Networks: https://cp-enterasys.kb.net/al/12/3/article.aspx?aid=14206&bt=4 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-350/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 20:46:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 05:46:55 +0100 Subject: [SEC] [SA47312] Ubuntu update for libarchive Message-ID: <201112210446.pBL4ktFU010987@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for libarchive SECUNIA ADVISORY ID: SA47312 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47312/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47312 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47312/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47312/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47312 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libarchive. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA47049 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1310-1: http://www.ubuntu.com/usn/usn-1310-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Dec 20 21:12:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 06:12:26 +0100 Subject: [SEC] [SA47240] virtualenv Insecure Temporary Files Security Issue Message-ID: <201112210512.pBL5CQ1o001599@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: virtualenv Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA47240 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47240/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47240 RELEASE DATE: 2011-12-20 DISCUSS ADVISORY: http://secunia.com/advisories/47240/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47240/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47240 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in virtualenv, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the virtualenv.py script creating temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is confirmed in version 1.4.9. Prior versions may also be affected. SOLUTION: Update to version 1.5. PROVIDED AND/OR DISCOVERED BY: Disclosed in a GIT commit. ORIGINAL ADVISORY: https://github.com/pypa/virtualenv/commit/68075ad9ededf7df2c46d385f836c13b729de2ca OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 21 10:33:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 19:33:30 +0100 Subject: [SEC] [SA47336] TORCS Buffer Overflow Vulnerability Message-ID: <201112211833.pBLIXU1k031990@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: TORCS Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47336 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47336/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47336 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47336/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47336/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47336 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in TORCS, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the use of a vulnerable version of the PLIB library. For more information: SA47297 Successful exploitation allows the execution of arbitrary code, but e.g. requires that a malicious car is used. The vulnerability is confirmed in version 1.3.1 (Windows binaries). Other versions may also be affected. SOLUTION: Do not use untrusted cars. PROVIDED AND/OR DISCOVERED BY: Andres Gomez ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18258/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 21 11:32:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 20:32:36 +0100 Subject: [SEC] [SA47297] PLIB "ulSetError()" Buffer Overflow Vulnerability Message-ID: <201112211932.pBLJWaTa024393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PLIB "ulSetError()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47297 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47297/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47297 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47297/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47297/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47297 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "ulSetError()" function (src/util/ulError.cxx) when creating the error message, which can be exploited to overflow a static buffer. Successful exploitation allows the execution of arbitrary code but requires that the attacker can e.g. control the content of an overly long error message passed to the "ulSetError()" function. The vulnerability is confirmed in version 1.8.5. Other versions may also be affected. SOLUTION: Do not use applications using the library. PROVIDED AND/OR DISCOVERED BY: Originally reported in TORCS by Andres Gomez. ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18258/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 21 12:34:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 21:34:40 +0100 Subject: [SEC] [SA47298] Red Hat update for tomcat5 Message-ID: <201112212034.pBLKYesc016938@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for tomcat5 SECUNIA ADVISORY ID: SA47298 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47298/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47298 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47298/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47298/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47298 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for tomcat5. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and disclose sensitive information and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. For more information: SA43198 SA44981 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1845-1: https://rhn.redhat.com/errata/RHSA-2011-1845.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 21 13:31:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 22:31:59 +0100 Subject: [SEC] [SA47303] IBM Java Two Vulnerabilities Message-ID: <201112212131.pBLLVxSn009260@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM Java Two Vulnerabilities SECUNIA ADVISORY ID: SA47303 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47303/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47303 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47303/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47303/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47303 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged two vulnerabilities in IBM Java, which can be exploited by malicious people to disclose potentially sensitive information, hijack a user's session, and conduct DNS cache poisoning attacks. For more information see vulnerabilities #1 and #12: SA46512 SOLUTION: Update to version 1.4.2 SR13 FP11 and 6 SR10. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21571596 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 21 14:27:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 23:27:42 +0100 Subject: [SEC] [SA47324] NVIDIA Stereoscopic 3D Driver Privilege Escalation Vulnerability Message-ID: <201112212227.pBLMRg9E001408@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: NVIDIA Stereoscopic 3D Driver Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA47324 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47324/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47324 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47324/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47324/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47324 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in NVIDIA Stereoscopic 3D Driver, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to improper validation and sanitisation of specific commands to a named pipe and can be exploited to execute arbitrary commands with LocalSystem privileges. The vulnerability is reported in version 7.17.12.7536. Other versions may also be affected. SOLUTION: Update to version 7.17.12.7565 or later. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Jeong Wook Oh, Microsoft Malware Protection Center (MMPC) ORIGINAL ADVISORY: Microsoft: http://technet.microsoft.com/en-us/security/msvr/msvr11-016 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 21 14:47:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Dec 2011 23:47:36 +0100 Subject: [SEC] [SA47325] VLC Media Player "get_chunk_header()" Double-Free Vulnerability Message-ID: <201112212247.pBLMla78024258@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: VLC Media Player "get_chunk_header()" Double-Free Vulnerability SECUNIA ADVISORY ID: SA47325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47325 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a double-free error within the "get_chunk_header()" function (modules/demux/ty.c) of the TiVo demuxer and can be exploited to corrupt memory by e.g. tricking a user into opening a specially crafted TiVo (*.ty) file. The vulnerability is reported in versions 0.9.0 through 1.1.12. SOLUTION: Apply patch and update to version 1.1.13 when available. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Clement Lecigne. ORIGINAL ADVISORY: VideoLAN-SA-1108: http://www.videolan.org/security/sa1108.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Dec 21 15:12:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 22 Dec 2011 00:12:40 +0100 Subject: [SEC] [SA47302] Mozilla Firefox / Thunderbird Multiple Vulnerabilities Message-ID: <201112212312.pBLNCerw014929@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47302 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47302/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47302 RELEASE DATE: 2011-12-21 DISCUSS ADVISORY: http://secunia.com/advisories/47302/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47302/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47302 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, where one has an unknown impact and others can be exploited by malicious people to disclose sensitive information and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further information is currently available. 2) An error exists within the YARR regular expression library when parsing javascript content. 3) An error within the SVG implementation when SVG elements are removed during a DOMAttrModified event can be exploited to cause an out-of-bounds memory access. 4) The application does not properly handle SVG animation accessKey events when JavaScript is disabled. This can lead to the user's key strokes being leaked. 5) An error within the plugin handler when deleting DOM frame can be exploited to dereference memory. NOTE: This vulnerability only affects Mac OS X. 6) An error exists within the handling of OGG